Re: TOCTOU bug in make(1)

To: tech-toolchain%netbsd.org@localhost
Subject: Re: TOCTOU bug in make(1)
From: Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost>
Date: Fri, 7 Oct 2022 09:07:10 +1300



On 7/10/22 08:43, Joerg Sonnenberger wrote:

Am Thu, Oct 06, 2022 at 01:19:24PM -0500 schrieb Mario Campos:

I ran CodeQL, a SAST tool, against trunk. It found a TOCTOU vulnerability
in the `unlink_file` function of make(1). The function is a small wrapper
over unlink(2), but it first checks that the file exists using lstat(2).
Although I don't see an immediate danger here, I admit I'm not
very imaginative for vulnerabilities.


This is necessary for historic reasons because old UNIX systems allows
unlink(2) on directories with bad consequences.

That's a good point. Personally, I had forgotten that unlinkingdirectories was a thing. We should put a comment in the code forunlink_file() about that.


Cheers,
Lloyd

Follow-Ups:
- Re: TOCTOU bug in make(1)
  - From: Joerg Sonnenberger

References:
- TOCTOU bug in make(1)
  - From: Mario Campos
- Re: TOCTOU bug in make(1)
  - From: Joerg Sonnenberger

Prev by Date: Re: TOCTOU bug in make(1)
Next by Date: Re: TOCTOU bug in make(1)
Previous by Thread: Re: TOCTOU bug in make(1)
Next by Thread: Re: TOCTOU bug in make(1)
Indexes:

Home | Main Index | Thread Index | Old Index