Skip to content

Update list of platforms vulnerable to TOCTOU in remove_dir_all#156702

Open
emilyalbini wants to merge 1 commit into
rust-lang:mainfrom
emilyalbini:ea-qyuqlszrnltt
Open

Update list of platforms vulnerable to TOCTOU in remove_dir_all#156702
emilyalbini wants to merge 1 commit into
rust-lang:mainfrom
emilyalbini:ea-qyuqlszrnltt

Conversation

@emilyalbini
Copy link
Copy Markdown
Member

@emilyalbini emilyalbini commented May 18, 2026

Neither platform can reasonably protect against TOCTOU in remove_dir_all:

  • VxWorks doesn't always have the required API (depending on how it's built), and its security model prevents untrusted processes from existing.
  • QNX itself is broken and prevents the use of openat(): in QNX 7.1, O_NOFOLLOW is straight up ignored, and in QNX 8.0 openat() works but there is a TOCTOU in the kernel itself.

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels May 18, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 18, 2026

r? @Mark-Simulacrum

rustbot has assigned @Mark-Simulacrum.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ChrisDenton, libs
  • @ChrisDenton, libs expanded to 8 candidates

@Noratrieb
Copy link
Copy Markdown
Member

Noratrieb commented May 18, 2026

@bors r+ rollup

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors Bot commented May 18, 2026

📌 Commit 23a860e has been approved by Noratrieb

It is now in the queue for this repository.

@rust-bors rust-bors Bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 18, 2026
@JonathanBrouwer
Copy link
Copy Markdown
Contributor

JonathanBrouwer commented May 18, 2026

@bors r=noratrieb
Bors does not want to put this in a rollup for some reason, maybe this helps?

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors Bot commented May 18, 2026

📌 Commit 23a860e has been approved by noratrieb

It is now in the queue for this repository.

@JonathanBrouwer
Copy link
Copy Markdown
Contributor

JonathanBrouwer commented May 18, 2026

@bors r-

@rust-bors rust-bors Bot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels May 18, 2026
@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors Bot commented May 18, 2026

This pull request was unapproved.

View changes since this unapproval

@rustbot rustbot removed the S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. label May 18, 2026
@rustbot rustbot added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label May 18, 2026
@JonathanBrouwer
Copy link
Copy Markdown
Contributor

JonathanBrouwer commented May 18, 2026

@bors r=noratrieb

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors Bot commented May 18, 2026

📌 Commit 23a860e has been approved by noratrieb

It is now in the queue for this repository.

@rust-bors rust-bors Bot added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 18, 2026
@JonathanBrouwer
Copy link
Copy Markdown
Contributor

JonathanBrouwer commented May 18, 2026

Hmmm it's still saying
Merge of #156702 failed with error: NotFound

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Mark-Simulacrum Mark-Simulacrum

Labels

S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@emilyalbini @rustbot @Noratrieb @JonathanBrouwer @Mark-Simulacrum