
Commit df1bd54

mktemp: Prevent race condition when setting permissions for tempdir
This prevents a race condition vulnerability in the tempdir implementation, where an attacker potentially could modify the created temporary directory before the restrictive permissions are set. The race condition occurs in the moment between when the temporary directory is created and when the proper permissions are set.

# The fix

This patch changes `make_temp_dir` to create the temporary directory with the proper permissions at creation time, rather than first creating it and then setting permissions. This is done by giving the permissions to the builder. See [tempfile doc](https://github.com/Stebalien/tempfile/blob/95540ed3fcb9ca74845c02aee058726b2dca58b7/src/lib.rs#L449-L450).

# Severity

Low. The attack is only possible if the umask is configured to allow writes by group or other for created files/directories.

# Related Resources

See: https://cwe.mitre.org/data/definitions/377.html
1 parent 3971bb3 commit df1bd54
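The window the commit message describes, shown as an added illustration that is not code from uutils or from this commit: the removed create-then-chmod pattern beside the create-with-mode pattern the patch adopts, using only `std` (`DirBuilder::mode` here stands in for tempfile's `Builder::permissions`; both hand the mode to `mkdir(2)`, which is the assumption this example rests on). Directory names are constructed for the demo, and the code is Unix-only.

```rust
use std::fs::{self, DirBuilder};
use std::io;
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Permission bits of `path`, masked to the classic rwx triplets.
pub fn mode_bits(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// The pattern the patch removes. `create_dir` asks mkdir(2) for 0o777,
/// so the directory exists with `0o777 & !umask` until `set_permissions`
/// runs; with a umask such as 022 that window exposes 0o755 to every other
/// user of the parent directory. Returns (path, mode in the window, final mode).
pub fn make_temp_dir_racy(parent: &Path, name: &str) -> io::Result<(PathBuf, u32, u32)> {
    let path = parent.join(name);
    fs::create_dir(&path)?;
    let exposed = mode_bits(&path)?; // what a concurrent observer sees
    fs::set_permissions(&path, fs::Permissions::from_mode(0o700))?;
    let final_mode = mode_bits(&path)?;
    Ok((path, exposed, final_mode))
}

/// The pattern the patch adopts: hand the mode to the creator so mkdir(2)
/// receives 0o700 directly. umask can only clear bits, never add them,
/// so no wider mode is ever visible. Returns (path, mode).
pub fn make_temp_dir_atomic(parent: &Path, name: &str) -> io::Result<(PathBuf, u32)> {
    let path = parent.join(name);
    DirBuilder::new().mode(0o700).create(&path)?;
    let mode = mode_bits(&path)?;
    Ok((path, mode))
}

fn main() -> io::Result<()> {
    // Constructed demo names under the system temp dir; a real mktemp
    // adds random bytes here, which is orthogonal to the permission race.
    let parent = std::env::temp_dir();
    let pid = std::process::id();
    let (racy, exposed, fixed) = make_temp_dir_racy(&parent, &format!("mktemp-racy-{pid}"))?;
    println!("racy:   exposed {exposed:o} during the window, {fixed:o} after chmod");
    fs::remove_dir(racy)?;
    let (atomic, mode) = make_temp_dir_atomic(&parent, &format!("mktemp-atomic-{pid}"))?;
    println!("atomic: {mode:o} from the first instant");
    fs::remove_dir(atomic)?;
    Ok(())
}
```

Run it under `umask 022` and then `umask 077` to see the exposed mode of the racy variant change while the atomic variant stays at 0o700.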

File tree

1 file changed

+8
-2
lines changed


src/uu/mktemp/src/mktemp.rs

Lines changed: 8 additions & 2 deletions
@@ -458,12 +458,18 @@ fn dry_exec(tmpdir: &Path, prefix: &str, rand: usize, suffix: &str) -> UResult<P
458458
fn make_temp_dir(dir: &Path, prefix: &str, rand: usize, suffix: &str) -> UResult<PathBuf> {
459459
let mut builder = Builder::new();
460460
builder.prefix(prefix).rand_bytes(rand).suffix(suffix);
461+
462+
// On *nix platforms grant read-write-execute for owner only.
463+
// The directory is created with these permission at creation time, using mkdir(3) syscall.
464+
// This is not relevant on Windows systems. See: https://docs.rs/tempfile/latest/tempfile/#security
465+
// `fs` is not imported on Windows anyways.
466+
#[cfg(not(windows))]
467+
builder.permissions(fs::Permissions::from_mode(0o700));
468+
461469
match builder.tempdir_in(dir) {
462470
Ok(d) => {
463471
// `into_path` consumes the TempDir without removing it
464472
let path = d.into_path();
465-
#[cfg(not(windows))]
466-
fs::set_permissions(&path, fs::Permissions::from_mode(0o700))?;
467473
Ok(path)
468474
}
469475
Err(e) if e.kind() == ErrorKind::NotFound => {
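Review bot: the new comment block cites `mkdir(3)`, but mkdir is a system call documented in manual section 2, so `mkdir(2)` is the accurate reference; the same comment reads `these permission at creation time` where `these permissions` is meant. The substance of the hunk is right: moving `fs::Permissions::from_mode(0o700)` from a `set_permissions` call after `into_path` into `builder.permissions(...)` before `tempdir_in` closes the window between creation and chmod, and since mkdir's mode argument is only ever narrowed by umask, 0o700 cannot be widened. The removed `?` on `set_permissions` needs no replacement because a creation failure now surfaces through the existing `match builder.tempdir_in(dir)` error arm.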

0 commit comments
