|
From: | Paul Eggert |
Subject: | bug#32772: TOCTOU bug in chmod |
Date: | Wed, 19 Sep 2018 12:56:59 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
Jeff Epler wrote:
Changing to lchmodat should resolve the problem
No, that would just introduce the opposite bug: chmod is supposed to follow a symlink, and using lchmod would let an attacker provoke a race that would cause chmod to not follow a symlink that it should.
A better way to fix this problem on GNU/Linux is to use O_PATH, not lchmod. I don't know of any way to fix it on other platforms that lack O_PATH.
[Prev in Thread] | Current Thread | [Next in Thread] |