tech-toolchain archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TOCTOU bug in make(1)
Am Thu, Oct 06, 2022 at 08:05:51PM +0000 schrieb David Holland:
> On Thu, Oct 06, 2022 at 09:43:35PM +0200, Joerg Sonnenberger wrote:
> > > I ran CodeQL, a SAST tool, against trunk. It found a TOCTOU vulnerability
> > > in the `unlink_file` function of make(1). The function is a small wrapper
> > > over unlink(2), but it first checks that the file exists using lstat(2).
> > > Although I don't see an immediate danger here, I admit I'm not
> > > very imaginative for vulnerabilities.
> >
> > This is necessary for historic reasons because old UNIX systems allows
> > unlink(2) on directories with bad consequences.
>
> Also, even if unlink() on a directory actually results in a correct
> rmdir, changing the behavior of that function so that delete-target-
> on-error sometimes removes directories and sometimes doesn't,
> depending on the OS or even on the filesystem in use, doesn't seem
> like a good idea.
Actually, the correct and expected behavior is that it fails on
directories. unlink and rmdir are supposed to be symmetrical in that
regard.
Joerg
Home |
Main Index |
Thread Index |
Old Index