tech-toolchain archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TOCTOU bug in make(1)
On Thu, Oct 06, 2022 at 09:43:35PM +0200, Joerg Sonnenberger wrote:
> > I ran CodeQL, a SAST tool, against trunk. It found a TOCTOU vulnerability
> > in the `unlink_file` function of make(1). The function is a small wrapper
> > over unlink(2), but it first checks that the file exists using lstat(2).
> > Although I don't see an immediate danger here, I admit I'm not
> > very imaginative for vulnerabilities.
>
> This is necessary for historic reasons because old UNIX systems allows
> unlink(2) on directories with bad consequences.
Also, even if unlink() on a directory actually results in a correct
rmdir, changing the behavior of that function so that delete-target-
on-error sometimes removes directories and sometimes doesn't,
depending on the OS or even on the filesystem in use, doesn't seem
like a good idea.
Meanwhile, make is unprivileged and it already by design executes
arbitrary code from its input files, so it would be very difficult to
create any kind of situation that could reasonably be called a
"vulnerability".
--
David A. Holland
dholland%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index