Newsportal USENET - Re: encapsulating directory operations

Re: encapsulating directory operations

Sujet : Re: encapsulating directory operations
De : 643-408-1753 (at) *nospam* kylheku.com (Kaz Kylheku)
Groupes : comp.lang.c
Date : 03. Jun 2025, 02:02:54

Autres entêtes

Organisation : A noiseless patient Spider
Message-ID : <20250602174720.211@kylheku.com>
References : 1 2 3 4 5 6 7 8 9 10
User-Agent : slrn/pre1.0.4-9 (Linux)

On 2025-06-02, Scott Lurndal <scott@slp53.sl.home> wrote:

From the posix standard:
>
"The purpose of the fstatat() function is to obtain the status
   of files in directories other than the current working directory
   without exposure to race conditions. Any part of the path of a
   file could be changed in parallel to a call to stat(), resulting
   in unspecified behavior. By opening a file descriptor for the target
   directory and using the fstatat() function it can be guaranteed that
   the file for which status is returned is located relative to the desired directory."

The security guarantee you want is that when you follow some path
/a/b/c/d/.., that none of the path components "a", "b", "c", "d", ...
are under the control of an adversary. Adversary means any other user
who is not you or root. (If you are root, any other user, therefore).

If, say "c" is under the control of an adversary, then the adversary can
make it a symlink, so that "d" is then anything whatsoever in any
location whatsoever.

I've developed an experimental security library called safepath
which tries to validate a path for this kind of safety.

https://www.kylheku.com/cgit/safepath/about/

Caveat: note the lack of a test suite in this project!

It doesn't rely on these functions because, it's not necesary.
If you know that /a/b/c is safe, then by induction you can proceed
to /a/b/c/d. For instance if you are root, and non-root is not able
to tamper with /a/b/c, then, generally speaking, there is no race
condition to worry about in making two accesses to c: one to check its
permissions and ownership, and another to traverse it.

--
TXR Programming Language: http://nongnu.org/txr
Cygnal: Cygwin Native Application Library: http://kylheku.com/cygnal
Mastodon: @Kazinator@mstdn.ca

Les messages affichés proviennent d'usenet.

Date	Sujet	#	Auteur
20 May 25	encapsulating directory operations	308	Paul Edwards
20 May 25	Re: encapsulating directory operations	83	Lawrence D'Oliveiro
20 May 25	Re: encapsulating directory operations	20	Paul Edwards
21 May 25	Re: encapsulating directory operations	19	Lawrence D'Oliveiro
21 May 25	Re: encapsulating directory operations	18	Paul Edwards
21 May 25	Re: encapsulating directory operations	17	Lawrence D'Oliveiro
21 May 25	Re: encapsulating directory operations	3	Paul Edwards
22 May 25	Re: encapsulating directory operations	2	Lawrence D'Oliveiro
22 May 25	Re: encapsulating directory operations	1	Kaz Kylheku
22 May 25	Re: encapsulating directory operations	13	James Kuyper
22 May 25	Re: encapsulating directory operations	12	Lawrence D'Oliveiro
22 May 25	Re: encapsulating directory operations	11	James Kuyper
22 May 25	Re: encapsulating directory operations	10	Lawrence D'Oliveiro
23 May 25	Re: encapsulating directory operations	9	James Kuyper
23 May 25	Re: encapsulating directory operations	8	Kaz Kylheku
23 May 25	Re: encapsulating directory operations	3	Paul Edwards
23 May 25	Re: encapsulating directory operations	1	Kaz Kylheku
24 May 25	Re: encapsulating directory operations	1	Lawrence D'Oliveiro
23 May 25	Re: encapsulating directory operations	4	James Kuyper
23 May 25	Re: encapsulating directory operations	3	Kaz Kylheku
24 May 25	Re: encapsulating directory operations	2	James Kuyper
24 May 25	Re: encapsulating directory operations	1	Kaz Kylheku
31 May 25	Re: encapsulating directory operations	62	Bonita Montero
31 May 25	Re: encapsulating directory operations	61	Lawrence D'Oliveiro
1 Jun 25	Re: encapsulating directory operations	60	Bonita Montero
1 Jun 25	Re: encapsulating directory operations	59	Lawrence D'Oliveiro
2 Jun 25	Re: encapsulating directory operations	58	Bonita Montero
3 Jun 25	Re: encapsulating directory operations	2	James Kuyper
3 Jun 25	Re: encapsulating directory operations	1	Kaz Kylheku
3 Jun 25	Re: encapsulating directory operations	9	Lawrence D'Oliveiro
10 Jun 25	Re: encapsulating directory operations	8	Bonita Montero
10 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
10 Jun 25	Re: encapsulating directory operations	1	Kaz Kylheku
11 Jun 25	Re: encapsulating directory operations	5	Lawrence D'Oliveiro
11 Jun 25	Re: encapsulating directory operations	4	Bonita Montero
11 Jun 25	Re: encapsulating directory operations	1	Lawrence D'Oliveiro
11 Jun 25	Re: encapsulating directory operations	2	Bonita Montero
12 Jun 25	Re: encapsulating directory operations	1	Lawrence D'Oliveiro
3 Jun 25	Re: encapsulating directory operations	46	Bonita Montero
6 Jun 25	Re: encapsulating directory operations	45	Bonita Montero
6 Jun 25	Re: encapsulating directory operations	44	Bonita Montero
6 Jun 25	Re: encapsulating directory operations	43	Bonita Montero
6 Jun 25	Re: encapsulating directory operations	42	wij
7 Jun 25	Re: encapsulating directory operations	41	Bonita Montero
7 Jun 25	Re: encapsulating directory operations	40	wij
7 Jun 25	Re: encapsulating directory operations	39	Bonita Montero
7 Jun 25	Re: encapsulating directory operations	38	wij
7 Jun 25	Re: encapsulating directory operations	37	Bonita Montero
7 Jun 25	Re: encapsulating directory operations	22	wij
7 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	20	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	12	Muttley
8 Jun 25	Re: encapsulating directory operations	11	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	10	Muttley
8 Jun 25	Re: encapsulating directory operations	3	Bonita Montero
9 Jun 25	Re: encapsulating directory operations	2	Muttley
9 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	2	Kaz Kylheku
10 Jun 25	Re: encapsulating directory operations	1	Tim Rentsch
8 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
9 Jun 25	Re: encapsulating directory operations	1	wij
9 Jun 25	Re: encapsulating directory operations	2	Muttley
9 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	5	wij
8 Jun 25	Re: encapsulating directory operations	4	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	3	wij
8 Jun 25	Re: encapsulating directory operations	2	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	1	wij
9 Jun 25	Re: encapsulating directory operations	2	Lawrence D'Oliveiro
9 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
7 Jun 25	Re: encapsulating directory operations	14	Janis Papanagnou
8 Jun 25	Re: encapsulating directory operations	13	Bonita Montero
8 Jun 25	Re: encapsulating directory operations	1	Chris M. Thomasson
8 Jun 25	Re: encapsulating directory operations	11	Bonita Montero
9 Jun 25	Re: encapsulating directory operations	8	Bonita Montero
9 Jun 25	Re: encapsulating directory operations	6	Bonita Montero
9 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
10 Jun 25	Re: encapsulating directory operations	3	Muttley
10 Jun 25	Re: encapsulating directory operations	1	Muttley
10 Jun 25	Re: encapsulating directory operations	1	Chris M. Thomasson
10 Jun 25	Re: encapsulating directory operations	1	Waldek Hebisch
9 Jun 25	Re: encapsulating directory operations	1	Richard Heathfield
10 Jun 25	Re: encapsulating directory operations	2	Tim Rentsch
10 Jun 25	Re: encapsulating directory operations	1	Bonita Montero
20 May 25	Re: encapsulating directory operations	74	Keith Thompson
20 May 25	Re: encapsulating directory operations	28	Richard Heathfield
20 May 25	Re: encapsulating directory operations	1	Paul Edwards
20 May 25	Re: encapsulating directory operations	1	David Brown
20 May 25	Re: encapsulating directory operations	7	Kaz Kylheku
20 May 25	Re: encapsulating directory operations	6	Richard Heathfield
20 May 25	Re: encapsulating directory operations	2	Muttley
20 May 25	Re: encapsulating directory operations	1	Paul Edwards
20 May 25	Re: encapsulating directory operations	3	Paul Edwards
20 May 25	Re: encapsulating directory operations	2	Richard Heathfield
20 May 25	Re: encapsulating directory operations	1	Paul Edwards
23 May 25	Re: encapsulating directory operations	18	Tim Rentsch
23 May 25	Re: encapsulating directory operations	6	Richard Heathfield
24 May 25	Re: encapsulating directory operations	5	Tim Rentsch
24 May 25	Re: encapsulating directory operations	4	Richard Heathfield
28 May 25	Re: encapsulating directory operations	3	Tim Rentsch
28 May 25	Re: encapsulating directory operations	2	Richard Heathfield
26 May 25	Re: encapsulating directory operations	11	Peter 'Shaggy' Haywood
20 May 25	Re: encapsulating directory operations	45	Paul Edwards
20 May 25	Re: encapsulating directory operations	145	Kaz Kylheku
21 May 25	Re: encapsulating directory operations	3	Janis Papanagnou
22 May 25	Re: encapsulating directory operations	1	Bonita Montero
25 May 25	Re: encapsulating directory operations	1	Tim Rentsch