Hi Jameson, On 07. 11. 18 16:03, Jameson Nash wrote: > After researching the literature (aka Google) on this, I've learned that > the TOCTOU on `chmod` apparently does not to extend to `lchmod`. In > particular, while it is not (possibly never?) safe to call `chmod`, it > is always safe to use `lchmod`.
This vulnerability does not lie in the `chmod` itself, but rather in the `stat`/`chmod` sequence. Basically, if an attacker manages to replace the file `/path` between these calls (i.e. with symlink, where the `lchmod` could help, but not limited to it), the code will end up copying unintended permissions from the old file to the new one. Granted, it is not great attack surface, but it is exploitable. Disclaimer: I'm far from security expert, so anyone is welcome in correcting the above paragraph, should it be wrong ;) -- Jan Staněk Associate Software Engineer, Core Services Red Hat Czech jsta...@redhat.com IM: jstanek -- You received this message because you are subscribed to the Google Groups "libuv" group. To unsubscribe from this group and stop receiving emails from it, send an email to libuv+unsubscr...@googlegroups.com. To post to this group, send email to libuv@googlegroups.com. Visit this group at https://groups.google.com/group/libuv. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature