fix(path_blocking): close TOCTOU between exists() and symlink_metadata() (#192) #243
Closed
SAY-5 wants to merge 2 commits into TrueNine:dev from
Conversation
Fix two CI failures from previous merge
Closes TrueNine#192. `remove_blocking_file` checked `path.exists()` and then called `symlink_metadata(path)` separately. Between those two syscalls another process could create, replace, or delete the entry — the classic TOCTOU shape. Practically, an entry that disappears between the two stats produces a `symlink_metadata` `NotFound` error that gets bubbled to the caller as `Err(...)`, when the previous `exists()` already reported it absent (we'd want `Ok(false)`). Drop the redundant `exists()` and treat `symlink_metadata`'s `NotFound` directly as the "nothing to remove" case. One stat, race-free. Test: new `remove_blocking_file_returns_false_for_missing_path` covers the path that `exists()` previously short-circuited; the two existing tests (`remove_blocking_file_deletes_file` / `_skips_directory`) still pass. (The two `finds_blocking_file_in_directory_path` / `resolve_blocking_for_file_target` test failures on macOS are pre-existing `/var` symlink-resolution issues, unrelated to this patch.)
Owner: Merged into dev via cherry-pick. The PR base was changed from main to dev, which caused conflicts because dev had diverged significantly. All commits have been cherry-picked onto dev and pushed. Thanks for the contributions!
Owner: Thank you for the contribution! All commits have been cherry-picked and merged into the dev branch. 🙏
Closes #192.

`remove_blocking_file` checked `path.exists()` and then called `symlink_metadata(path)` separately. Between those two syscalls another process could create, replace, or delete the entry — the classic TOCTOU shape. Practically, an entry that disappears between the two stats produces a `symlink_metadata` `NotFound` error that gets bubbled to the caller as `Err(...)`, when the previous `exists()` already reported it absent (we'd want `Ok(false)`).

Drop the redundant `exists()` and treat `symlink_metadata`'s `NotFound` directly as the "nothing to remove" case. One stat, race-free.

Tests

New `remove_blocking_file_returns_false_for_missing_path` covers the path that `exists()` previously short-circuited; the two existing tests (`remove_blocking_file_deletes_file` / `_skips_directory`) still pass.

Test plan

- `cargo build --manifest-path sdk/Cargo.toml` — clean
- `cargo test --manifest-path sdk/Cargo.toml --lib policy::path_blocking::tests::remove_` — 3/3 pass

(Two pre-existing test failures on macOS in this module — `finds_blocking_file_in_directory_path` and `resolve_blocking_for_file_target` — are caused by `/var` symlink resolution and are unrelated to this patch.)
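The racy shape and the fixed shape described in the PR, side by side, as an added Rust example written for this page; it is not the repository's own `remove_blocking_file`, and the function names and the directory-skip behaviour are assumptions taken from the test names above. It goes one step further than the PR text by also mapping a `NotFound` from the final `remove_file` to `Ok(false)`, since the entry can still vanish between the lstat and the unlink:

```rust
use std::fs;
use std::io;
use std::path::Path;

/// The pre-fix shape: exists() and symlink_metadata() are two separate stats.
/// An entry deleted in between surfaces as Err(NotFound) instead of Ok(false).
/// (Illustrative reconstruction, not the project's code.)
pub fn remove_blocking_file_racy(path: &Path) -> io::Result<bool> {
    if !path.exists() {
        return Ok(false);
    }
    // Window: another process may have removed the entry by now.
    let meta = fs::symlink_metadata(path)?; // NotFound propagates as Err
    if meta.is_dir() {
        return Ok(false);
    }
    fs::remove_file(path)?;
    Ok(true)
}

/// The fixed shape: a single lstat, with NotFound treated as "nothing to remove".
pub fn remove_blocking_file(path: &Path) -> io::Result<bool> {
    let meta = match fs::symlink_metadata(path) {
        Ok(m) => m,
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(false),
        Err(e) => return Err(e),
    };
    // Assumed from `_skips_directory`: directories are never removed here.
    if meta.is_dir() {
        return Ok(false);
    }
    match fs::remove_file(path) {
        Ok(()) => Ok(true),
        // Added beyond the PR: the unlink itself can lose the same race, so a
        // vanished entry is still reported as "already gone", not as an error.
        Err(e) if e.kind() == io::ErrorKind::NotFound => Ok(false),
        Err(e) => Err(e),
    }
}

fn main() -> io::Result<()> {
    // Constructed demo input: a throwaway file under the system temp dir.
    let p = std::env::temp_dir().join(format!("blocking_demo_{}", std::process::id()));
    fs::write(&p, b"demo")?;
    println!("first call:  {:?}", remove_blocking_file(&p)); // Ok(true)
    println!("second call: {:?}", remove_blocking_file(&p)); // Ok(false)
    Ok(())
}
```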