jgtrosh | 11 months ago

And? How does that do it?

IshKebab|11 months ago

I checked. It fopen's the file and then fstat's it. So it isn't vulnerable to TOCTOU.

However the TOCTOU is completely benign here. It's just an extra check before Rust opens the file so if you were to try to "exploit" it the only thing that would happen is you get a different error message.

oguz-ismail|11 months ago

> if you were to try to "exploit" it the only thing that would happen is you get a different error message

Can't reproduce this. If I do

    sudo strace -e inject=stat:delay_exit=30s:when=2 ./coreutils more foo

on one terminal and

    rm foo
    ln -s /etc/passwd foo

on another, I can see the contents of /etc/passwd on the first one.
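The two orderings discussed in this thread, side by side, as an added example that is not part of any comment above and is not code from either `more` implementation. The file names, the `/tmp` location and `race_window()` (which performs in-process the swap the last comment does from a second terminal) are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char other[64];               /* constructed second file */
/* Hypothetical stand-in for another process replacing the path with a symlink. */
static void race_window(const char *path) {
    if (unlink(path) != 0 || symlink(other, path) != 0) perror("swap");
}

/* Racy order: check the path with stat(), then resolve the path again in open(). */
static int stat_then_open(const char *path, struct stat *checked) {
    if (stat(path, checked) != 0 || !S_ISREG(checked->st_mode)) return -1;
    race_window(path);               /* the path can change between the two calls */
    return open(path, O_RDONLY);
}

/* Safe order: open() once, then fstat() the descriptor that open() returned. */
static int open_then_fstat(const char *path, struct stat *checked) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    race_window(path);               /* too late: fd already names the object */
    if (fstat(fd, checked) != 0 || !S_ISREG(checked->st_mode)) { close(fd); return -1; }
    return fd;
}

/* Returns 1 if the file that was checked is the file that ended up open, else 0. */
static int checked_is_opened(int (*opener)(const char *, struct stat *)) {
    char dir[] = "/tmp/toctou-XXXXXX", path[64];
    struct stat checked, opened;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/foo", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    int fd = opener(path, &checked);
    int ok = (fd >= 0 && fstat(fd, &opened) == 0)
           ? (checked.st_dev == opened.st_dev && checked.st_ino == opened.st_ino) : -1;
    if (fd >= 0) close(fd);
    unlink(path); unlink(other); rmdir(dir);
    return ok;
}

int main(void) {
    printf("stat then open : %d\n", checked_is_opened(stat_then_open));
    printf("open then fstat: %d\n", checked_is_opened(open_then_fstat));
}
```

With the racy order the validated inode and the opened inode differ after the swap; with the descriptor-based order they are the same object regardless of what happens to the path.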