Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

instchown: operate on fds, not filenames. #266

Merged
merged 1 commit into from
Feb 23, 2024
Merged

instchown: operate on fds, not filenames. #266

merged 1 commit into from
Feb 23, 2024

Conversation

schmonz
Copy link
Member

@schmonz schmonz commented Feb 2, 2024
edited

The previous code had been flagged by CodeQL as "TOCTOU". It's not -- at worst, it's time-of-chown to time-of-chmod -- but this will run more efficiently (and make the warnings go away).

Tested like so:

#!/bin/sh

set -e

for i in true mandoc; do
	sudo rm -rf /var/tmp/qmail-staging $(head -1 conf-qmail)
	make clean
	make -j 4 it man NROFF=$i test
	env DESTDIR=/var/tmp/qmail-staging make package
	sudo env DESTDIR=/var/tmp/qmail-staging ./instchown
	sudo make package
	sudo ./instchown
	sudo ./instcheck
done

@schmonz schmonz added this to the 1.09 milestone Feb 2, 2024
@schmonz schmonz linked an issue Feb 2, 2024 that may be closed by this pull request
"TOCTOU" in instchown.c #263
Closed
josuah
josuah approved these changes Feb 2, 2024
View reviewed changes
Copy link

@josuah josuah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who knows, some deployments of notqmail might be done automatically, and better not have some different file used between the chown and chmod. I do not see a TOCTOU though, maybe I missed it...

Does not hurt to have it done with a file descriptor...

@schmonz
Copy link
Member Author

schmonz commented Feb 2, 2024

Yes, AFAICT it's limited to time-of-chown vs time-of-chmod. But (if I can get it to actually work) as you say, seems wise to not be in position to find out whether it's anything worse.

DerDakon
DerDakon reviewed Feb 3, 2024
View reviewed changes
Copy link
Member

@DerDakon DerDakon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I think the automated report it rather pointless and this is no real issue, I actually like that change because it is way more efficient for the OS at the end.

instchown.c Outdated Show resolved Hide resolved
instchown.c Outdated Show resolved Hide resolved
@DerDakon DerDakon self-requested a review February 3, 2024 08:48
DerDakon
DerDakon requested changes Feb 3, 2024
View reviewed changes
Copy link
Member

@DerDakon DerDakon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wrong checkbox

@schmonz schmonz changed the title Just the installer, but fix TOCTOU (thanks CodeQL). instchown: operate on fds, not filenames. Feb 3, 2024
@schmonz schmonz requested a review from DerDakon February 3, 2024 19:41
@schmonz
instchown: operate on fds, not filenames.
a0ccd53 
The previous code had been flagged by CodeQL as "TOCTOU". It's not -- at
worst, it's time-of-chown to time-of-chmod -- but this will run more
efficiently (and make the warnings go away).
@schmonz schmonz merged commit bd9c438 into master Feb 23, 2024
50 checks passed
@schmonz schmonz deleted the schmonz-instchown-toctou branch February 23, 2024 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbhangui mbhangui mbhangui approved these changes

@DerDakon DerDakon DerDakon approved these changes

@josuah josuah josuah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.09
Development

Successfully merging this pull request may close these issues.

"TOCTOU" in instchown.c
4 participants
@schmonz @mbhangui @DerDakon @josuah