bug#32772: TOCTOU bug in chmod

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32772: TOCTOU bug in chmod

From:	Jeff Epler
Subject:	bug#32772: TOCTOU bug in chmod
Date:	Wed, 19 Sep 2018 19:47:57 -0500

Thanks for the correction, I should have not suggested a fix off the top of
my head.

On Wed, Sep 19, 2018 at 2:57 PM Paul Eggert <address@hidden> wrote:

> Jeff Epler wrote:
> > Changing to lchmodat should resolve the problem
>
> No, that would just introduce the opposite bug: chmod is supposed to
> follow a
> symlink, and using lchmod would let an attacker provoke a race that would
> cause
> chmod to not follow a symlink that it should.
>
> A better way to fix this problem on GNU/Linux is to use O_PATH, not
> lchmod. I
> don't know of any way to fix it on other platforms that lack O_PATH.
>

[Prev in Thread]

Current Thread

[Next in Thread]

bug#32772: TOCTOU bug in chmod, Jeff Epler, 2018/09/19
- bug#32772: TOCTOU bug in chmod, Paul Eggert, 2018/09/19
  - bug#32772: TOCTOU bug in chmod, Jeff Epler <=

Prev by Date: bug#32772: TOCTOU bug in chmod
Next by Date: bug#32796: please consider using renameat2 from glibc if available
Previous by thread: bug#32772: TOCTOU bug in chmod
Next by thread: bug#32774: Filenames with spaces in ls
Index(es):
- Date
- Thread