I believe this indicates a security flaw. If an attacker can change anything along the path between the call
Request team to have a look and validate.
You are correct that it is possible to make changes to a path between calling M_fs_perms_can_access and doing something with the path. However, this function is conforming to ISO/IEC 9945-1:1990 and the same security considerations apply when using "access" directly. I'll add a note to the documentation making this more explicit.
As long as it’s not used to make an access control decision it’s okay to use the function. Meaning if the file system call is made regardless of the outcome of access it should be safe to use this function.
M_fs_file_open_sys on Windows is a place where M_fs_perms_can_access is used. It’s used to determine if the file exists before opening, to know if the modified time should be updated due to “file system tunneling” not updating the access time as expected. There is no way to know from CreateFile if the file was created and opened or just opened. In this situation the CreateFile call is not dependent on the access call. Worst case, the file time is not updated or is updated when it didn’t need to be. Since CreateFile is called regardless of the result of access, and access is only used to determine if the file time should be updated, this is not an insecure use.
We will review other places where this is used to determine if they are safe uses.
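The two shapes discussed in the comment above, as an added C example using POSIX access() and open() instead of the project's M_fs_perms_can_access and Windows CreateFile (illustration written for this page, not code from the project): the first function lets the check gate the open, which is the check-then-use race the ticket raises; the second opens regardless and uses the check only for an advisory flag, as the maintainers describe.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Descriptor plus the advisory "did it exist before open()" flag. */
typedef struct {
    int fd;           /* result of open(), or -1 */
    int existed_hint; /* what access() saw beforehand; informational only */
} open_result;

/* Unsafe shape: the access() verdict gates the privileged operation. Between
 * the two calls the path can be re-pointed, so open() may act on a different
 * object than the one that was checked (classic check-then-use race). */
int open_only_if_access_allows(const char *path) {
    if (access(path, W_OK) != 0)
        return -1;               /* decision taken on information that may be stale */
    return open(path, O_WRONLY); /* caller trusts the earlier verdict, not this call */
}

/* Shape the maintainers describe: open() runs regardless of access(), and the
 * kernel enforces permission atomically at open time. access() only decides
 * whether a timestamp should be touched, so a race can at worst mis-set that
 * flag, never grant access that open() would have refused. */
open_result open_regardless(const char *path) {
    open_result r;
    r.existed_hint = (access(path, F_OK) == 0);
    r.fd = open(path, O_WRONLY | O_CREAT, 0600);
    return r;
}

/* Constructed scenario on a temp file; returns 0 when behaviour matches expectation. */
int demo(void) {
    char path[] = "/tmp/m_fs_demo_XXXXXX";
    int fd = mkstemp(path);                 /* existing file */
    if (fd < 0) return 1;
    close(fd);
    open_result a = open_regardless(path);  /* existed: hint 1, fd valid */
    if (a.fd < 0 || a.existed_hint != 1) { unlink(path); return 2; }
    close(a.fd);
    unlink(path);
    open_result b = open_regardless(path);  /* gone: hint 0, still opened (created) */
    if (b.fd < 0 || b.existed_hint != 0) return 3;
    close(b.fd);
    unlink(path);
    if (open_only_if_access_allows(path) != -1) return 4; /* gated form never opens */
    return 0;
}
int main(void) { int rc = demo(); printf("demo: %d\n", rc); return rc != 0; }
```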
A review of the file portion of the fs code has been completed. This is not a comprehensive review but addresses the concerns of this ticket.