- Notifications
You must be signed in to change notification settings - Fork129
core: fix TOCTOU race condition#277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:master
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Separately checking the state of a file before operating on it may allowan attacker to modify the file between the two operations.Signed-off-by: Mingjie Shen <shen497@purdue.edu>
msteveb commentedAug 23, 2023
Thanks. Technically you are right, but in practice if an attacker can modify or replace the file you are sourcing, you have bigger problems that either allocating too much memory if the size decreased or failing to read the entire file if the size increased. |
szsam commentedAug 24, 2023
I don't believe the existing code can detect whether the entire file is read. When Lines 11650 to 11652 in9784dcf
|
msteveb commentedAug 24, 2023
That's true, but does it matter? If an attacker can modify or replace the file we can easily come up with simple attacks regardless. If the file is extended after stat but before read, why does it matter? It could just have easily been extended after read and then we wouldn't see it regardless? I just want to understand if there is any real scenario where this might cause a problem |
msteveb commentedAug 27, 2023
I would be incline to merge it anyway, since it doesn't hurt anything. But we don't rely on fstat() being available - hence bootstrap jimsh build fails. |
Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations.