Skip to content

install: prevent TOCTOU race attack #10067

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Dolphindalt wants to merge 6 commits into
base: main
Choose a base branch
from
Open

install: prevent TOCTOU race attack #10067

Dolphindalt wants to merge 6 commits into from
+39 −42

Conversation

@Dolphindalt
Copy link

@Dolphindalt Dolphindalt commented Jan 5, 2026
edited
Loading

Description

See #10023 for details on the vulnerability and how to test/reproduce.

This PR fixes the vulnerability by using atomic exclusive creation with the O_EXCL flag.

  • create_new() ensures the file is created atomically
  • Fails if anything exists at the path (including symlinks)
  • Prevents following symlinks, even if created during the race window

Testing

@cakebaker cakebaker linked an issue Jan 5, 2026 that may be closed by this pull request
install TOCTOU symlink race: unlink-then-create without O_EXCL #10023
Open
@github-actions
Copy link

github-actions bot commented Jan 5, 2026

GNU testsuite comparison:

Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

@github-actions
Copy link

github-actions bot commented Jan 5, 2026

GNU testsuite comparison:

Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

@Dolphindalt
Copy link
Author

Dolphindalt commented Jan 6, 2026

I suspect that the failure is a flaky test as it is unrelated to the changes. I pulled in the latest changes from main just in case.

@github-actions
Copy link

github-actions bot commented Jan 6, 2026

GNU testsuite comparison:

GNU test failed: tests/tty/tty-eof. tests/tty/tty-eof is passing on 'main'. Maybe you have to rebase?

@codspeed-hq
Copy link

codspeed-hq bot commented Jan 6, 2026
edited
Loading

Merging this PR will not alter performance

✅ 141 untouched benchmarks
⏩ 38 skipped benchmarks1

Comparing Dolphindalt:main (f6f3b08) with main (0d403a4)

Open in CodSpeed

Footnotes

  1. 38 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@Dolphindalt
Copy link
Author

Dolphindalt commented Jan 10, 2026

GNU tests failed because downloading a test dependency failed. Must be a flaky test. Brought up to date with master again. Please re-run tests again.

@Dolphindalt
Copy link
Author

Dolphindalt commented Jan 11, 2026

I'm certain that the test failures are disjoint from the changes. Any idea as to why they continue to fail?

@github-actions
Copy link

github-actions bot commented Jan 11, 2026

GNU testsuite comparison:

Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

install TOCTOU symlink race: unlink-then-create without O_EXCL

1 participant

@Dolphindalt