Potential TOCTOU Attack Surface #611

Open
nevercodecorrect opened this issue Jan 19, 2024 · 8 comments
Labels
Fix available in next release: Issue has been fixed, wait for next release
investigating: More tests are required to validate this issue

Comments

@nevercodecorrect

Hello,
In the code here, the conf_path file privilege is changed after the creation and data writing. A malicious attacker could perform a TOCTOU attack to read/write the data before the privilege change if he knows the timing of the program execution. This is similar to CVE-2022-23651, where the file permission is changed a bit late. There are also other instances of the same issue in the same file.

@VirtuBox
Member

Hello @nevercodecorrect,
Thanks for your report.
So to fix this issue, WordOps should set file privilege before writing data into files?

@VirtuBox VirtuBox added the investigating label Jan 19, 2024
@nevercodecorrect
Author

That could be one way. You could also directly give permissions at creation time like below, which is also the fix to that known CVE.

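```python
import os
import stat

# Create the file with owner-only read/write permissions (0o600) in the
# same call, so a newly created file never has wider permissions.
# self.filename is the target path held by the enclosing object.
fd = os.open(
    self.filename,
    flags=os.O_RDWR | os.O_CREAT,
    mode=stat.S_IRUSR | stat.S_IWUSR,
)
os.close(fd)
```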

@VirtuBox
Member

VirtuBox commented Feb 1, 2024

Thanks for your report @nevercodecorrect, I'm going to work on this issue.


github-actions bot commented Mar 3, 2024

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Mar 3, 2024

github-actions bot commented Mar 9, 2024

This issue was closed because it has been stalled for 5 days with no activity.

@github-actions github-actions bot closed this as not planned Mar 9, 2024
@VirtuBox
Member

Fix will be available soon

@VirtuBox VirtuBox reopened this May 17, 2024
@VirtuBox VirtuBox added the Fix available in next release label and removed the Stale label May 17, 2024
@VirtuBox VirtuBox added this to In progress in WordOps v4.0 May 17, 2024
@VirtuBox
Member

@nevercodecorrect Does this seem correct to you? 31353f0

@nevercodecorrect
Author

Yes this looks correct

@VirtuBox VirtuBox moved this from In progress to Done in WordOps v4.0 May 21, 2024
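
The write-then-chmod pattern reported in this issue next to the creation-time fix, as an added example that is not part of the thread or of WordOps' own code. File names and sample content are constructed, `probe` is a hypothetical hook that records the mode another local user would see, and `O_EXCL` goes beyond the snippet posted in the thread.

```python
import os
import stat
import tempfile

# Constructed sample content; not taken from WordOps.
SAMPLE = "[client]\nuser = example\npassword = constructed-value\n"


def mode_of(path):
    """Return the permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def write_then_chmod(path, data, probe):
    """Pattern described in the report: create, write, restrict afterwards."""
    with open(path, "w") as fh:           # created as 0o666 & ~umask
        fh.write(data)
    window = probe(path)                  # mode visible before the chmod
    os.chmod(path, 0o600)                 # restriction arrives after the data
    return window, probe(path)


def write_private(path, data, probe):
    """Restrict at creation: the file never exists with wider permissions."""
    # O_EXCL (an addition to the thread's snippet) fails if the path already
    # exists; without it, mode is ignored for a pre-existing file.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(path, flags, stat.S_IRUSR | stat.S_IWUSR)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
        fh.flush()
        window = probe(path)              # same observation point as above
    return window, probe(path)


def demo():
    """Run both writers under a typical 0o022 umask and report the modes."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            racy = write_then_chmod(os.path.join(tmp, "racy.cnf"), SAMPLE, mode_of)
            safe = write_private(os.path.join(tmp, "safe.cnf"), SAMPLE, mode_of)
    finally:
        os.umask(old_umask)
    return {"racy": racy, "safe": safe}


if __name__ == "__main__":
    for name, (window, final) in demo().items():
        print(f"{name}: during write {oct(window)}, final {oct(final)}")
```

Each tuple is (mode while the data is already on disk, final mode); only the first writer ever exposes the file as world-readable.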