symbolic link curiousity in 3.6.0
Paul Eggert
eggert@cs.ucla.edu
Mon Mar 31 18:12:52 GMT 2025
On 3/31/25 11:27, Pádraig Brady wrote:
> The file could be deleted at any time.
> We're just suppressing errors in the edge case it's deleted
More generally, though, the file could be renamed and another put in its
place, which means that an attacker could cause 'ls' to generate a line
that does not correspond to any state of any file.
For this sort of attack an O_PATH solution is the only defense I can
think of (for systems with O_PATH and /proc/self/fd; I don't know of
solutions elsewhere.) And if we use O_PATH for this, we've solved the
problem for the file-being-deleted case too.
More information about the Cygwin
mailing list