os: RemoveAll susceptible to symlink race [1.22 backport] #67696

Closed
gopherbot opened this issue May 29, 2024 · 2 comments
@gopherbot
Contributor

@rolandshoemaker requested issue #52745 to be considered for backport to the next 1.22 minor release.

@gopherbot please open backport issues for this, it's a security hardening issue which fixes a long running TOCTOU race.

gopherbot added the CherryPickCandidate label May 29, 2024
gopherbot added this to the Go1.22.4 milestone May 29, 2024
mdempsky added CherryPickApproved and removed CherryPickCandidate labels May 29, 2024
@gopherbot
Contributor Author

Change https://go.dev/cl/589056 mentions this issue: [release-branch.go1.22] os: RemoveAll: fix symlink race for unix

gopherbot pushed a commit that referenced this issue May 30, 2024
Since all the platforms now support O_DIRECTORY flag for open, it can be
used (together with O_NOFOLLOW) to ensure we open a directory, thus
eliminating the need to call stat before open. This fixes the symlink race,
when a directory is replaced by a symlink in between stat and open calls.

While at it, rename openFdAt to openDirAt, because this function is (and was)
meant for directories only.

NOTE Solaris supports O_DIRECTORY since before Solaris 11 (which is the
only version Go supports since supported version now), and Illumos
always had it. The only missing piece was O_DIRECTORY flag value, which
is taken from golang.org/x/sys/unix.

Fixes #67696.

Change-Id: Ic1111d688eebc8804a87d39d3261c2a6eb33f176
Reviewed-on: https://go-review.googlesource.com/c/go/+/589056
Auto-Submit: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
@gopherbot
Contributor Author

Closed by merging 7456575 to release-branch.go1.22.
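
The stat-then-open race the commit message describes, next to an open that uses O_DIRECTORY together with O_NOFOLLOW, as an added example (not code from the Go tree or from this issue). The `between` hook, the `victim`/`outside` names and the temp tree are constructed for the demo; it assumes a Unix system, where `os.OpenFile` passes the extra flag bits through to open(2).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// statThenOpen is the racy pattern: the Lstat answer can be stale when Open
// runs. The between hook is hypothetical and stands in for another process.
func statThenOpen(path string, between func()) (*os.File, error) {
	if fi, err := os.Lstat(path); err != nil || !fi.IsDir() {
		return nil, fmt.Errorf("%s: not a directory (lstat error: %v)", path, err)
	}
	between()
	return os.Open(path) // follows a symlink that appeared after Lstat
}

// openDirNoFollow has the kernel check the type inside open(2) itself:
// O_DIRECTORY rejects non-directories, O_NOFOLLOW rejects a final symlink.
func openDirNoFollow(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_RDONLY|syscall.O_DIRECTORY|syscall.O_NOFOLLOW, 0)
}

// swapDemo: in a constructed temp tree, "victim" becomes a symlink to "outside" after the check.
func swapDemo() (landedOutside bool, hardenedErr error) {
	tmp, err := os.MkdirTemp("", "toctou")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(tmp)
	victim, outside := filepath.Join(tmp, "victim"), filepath.Join(tmp, "outside")
	os.Mkdir(victim, 0o700) // a failure here surfaces in statThenOpen
	os.Mkdir(outside, 0o700)
	f, err := statThenOpen(victim, func() {
		os.Remove(victim)
		os.Symlink(outside, victim)
	})
	if err != nil {
		panic(err)
	}
	defer f.Close()
	got, _ := f.Stat()
	want, _ := os.Stat(outside)
	_, hardenedErr = openDirNoFollow(victim) // victim is now a symlink
	return os.SameFile(got, want), hardenedErr
}

func main() { fmt.Println(swapDemo()) }
```

The first result is true because the handle returned by the racy opener refers to `outside`; the second is the error the single open call returns for the swapped path.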
