core: fix TOCTOU race condition #277
Open
szsam wants to merge 1 commit into msteveb:master from IVOES:cpp/toctou-race-condition

@szsam
Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations.

Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>

@msteveb
Owner

Thanks. Technically you are right, but in practice if an attacker can modify or replace the file you are sourcing, you have bigger problems than either allocating too much memory if the size decreased or failing to read the entire file if the size increased.

sgbeal reacted with thumbs up emoji

@szsam
Author

I don't believe the existing code can detect whether the entire file is read. When sb.st_size is smaller than the actual file size, read() still succeeds.

jimtcl/jim.c

Lines 11650 to 11652 in 9784dcf

    readlen = read(fd, buf, sb.st_size);
    close(fd);
    if (readlen < 0) {

@msteveb
Owner

That's true, but does it matter? If an attacker can modify or replace the file we can easily come up with simple attacks regardless. If the file is extended after stat but before read, why does it matter? It could just as easily have been extended after read and then we wouldn't see it regardless? I just want to understand if there is any real scenario where this might cause a problem.

sgbeal reacted with thumbs up emoji

@msteveb
Owner

I would be inclined to merge it anyway, since it doesn't hurt anything. But we don't rely on fstat() being available - hence bootstrap jimsh build fails.
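
Added example, not part of this pull request or of jimtcl's source: one way to read a whole file so that the result does not depend on a size taken before the read. It opens first, uses fstat() on the descriptor only as an allocation hint, and reads until EOF. The names `read_fd_to_eof` and `read_whole_file` are hypothetical, and a POSIX system with fstat() is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read fd until EOF. `hint` only sizes the first allocation; it is never trusted as the length. */
char *read_fd_to_eof(int fd, size_t hint, size_t *len_out)
{
    size_t cap = hint ? hint + 1 : 4096, len = 0;
    char *buf = malloc(cap);
    while (buf) {
        if (len + 1 >= cap) {           /* file is larger than the hint: grow */
            char *nb = realloc(buf, cap *= 2);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
        }
        ssize_t n = read(fd, buf + len, cap - len - 1);
        if (n == 0) break;              /* EOF, not the stat size, ends the read */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); return NULL; }
        len += (size_t)n;
    }
    if (buf) { buf[len] = '\0'; *len_out = len; }
    return buf;
}

/* Open first, then fstat() the descriptor: the size describes the opened file, not the path. */
char *read_whole_file(const char *path, size_t *len_out)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;
    struct stat sb;
    size_t hint = (fstat(fd, &sb) == 0 && sb.st_size > 0) ? (size_t)sb.st_size : 0;
    char *buf = read_fd_to_eof(fd, hint, len_out);
    close(fd);
    return buf;
}

int main(int argc, char **argv)
{
    size_t len = 0;
    char *buf = argc > 1 ? read_whole_file(argv[1], &len) : NULL;
    if (!buf) { fprintf(stderr, "usage: %s FILE (or read failed)\n", argv[0]); return 1; }
    printf("%zu bytes\n", len);
    free(buf);
    return 0;
}
```

Passing a deliberately small `hint` to `read_fd_to_eof` simulates a file that grew after its size was taken; the full contents are still returned.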
