bug#32772: TOCTOU bug in chmod

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32772: TOCTOU bug in chmod

From:	Paul Eggert
Subject:	bug#32772: TOCTOU bug in chmod
Date:	Wed, 19 Sep 2018 12:56:59 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Jeff Epler wrote:

Changing to lchmodat should resolve the problem

No, that would just introduce the opposite bug: chmod is supposed to follow asymlink, and using lchmod would let an attacker provoke a race that would causechmod to not follow a symlink that it should.

A better way to fix this problem on GNU/Linux is to use O_PATH, not lchmod. Idon't know of any way to fix it on other platforms that lack O_PATH.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#32772: TOCTOU bug in chmod, Jeff Epler, 2018/09/19
- bug#32772: TOCTOU bug in chmod, Paul Eggert <=
  - bug#32772: TOCTOU bug in chmod, Jeff Epler, 2018/09/19

Prev by Date: bug#32774: Filenames with spaces in ls
Next by Date: bug#32772: TOCTOU bug in chmod
Previous by thread: bug#32772: TOCTOU bug in chmod
Next by thread: bug#32772: TOCTOU bug in chmod
Index(es):
- Date
- Thread