From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 3D8D63857C4F; Wed, 4 Oct 2023 11:28:33 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3D8D63857C4F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1696418913; bh=3EV1ev3HIriV1K6gdmxbqhHlWz1AGjncshCg23c+Olw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=enhVefJNM2XB8tQQlYqhnyzm05rPcJvKe0ZdhpirJJuhglbrlaTra3jnBaelfn4vK 2nEaDrLw2EKDtVmJ1uFIxpcKRpqqCOeTESDwUTBA7bSu0mBPrgpb601YhivmmUdkB4 nOdc9ZDg/Km+Le/y7ySfy4N2bwF05nZ0NXKkoSeA= From: "cvs-commit at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/104161] Potential Security Vulnerability: remove_all and symbolic link Date: Wed, 04 Oct 2023 11:28:31 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: ASSIGNED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: redi at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D104161 --- Comment #9 from CVS Commits --- The releases/gcc-11 branch has been updated by Jonathan Wakely : https://gcc.gnu.org/g:e20b1c711f70d8d251d45694c50c02e66a4d9f7b commit r11-11036-ge20b1c711f70d8d251d45694c50c02e66a4d9f7b Author: Jonathan Wakely Date: Sun Jan 23 21:45:16 2022 +0000 libstdc++: Avoid symlink race in filesystem::remove_all [PR104161] This adds a new internal flag to the filesystem::directory_iterator constructor that makes it fail if the path is a symlink that resolves to a directory. This prevents filesystem::remove_all from following a symlink to a directory, rather than deleting the symlink itself. We can also use that new flag in recursive_directory_iterator to ensure that we don't follow symlinks if the follow_directory_symlink option is not set. This also moves an error check in filesystem::remove_all after the while loop, so that errors from the directory_iterator constructor are reproted, instead of continuing to the filesystem::remove call below. libstdc++-v3/ChangeLog: PR libstdc++/104161 * acinclude.m4 (GLIBCXX_CHECK_FILESYSTEM_DEPS): Check for fdopendir. * config.h.in: Regenerate. * configure: Regenerate. * src/c++17/fs_dir.cc (_Dir): Add nofollow flag to constructor and pass it to base class constructor. (directory_iterator): Pass nofollow flag to _Dir constructor. (fs::recursive_directory_iterator::increment): Likewise. * src/c++17/fs_ops.cc (do_remove_all): Use nofollow option for directory_iterator constructor. Move error check outside loop. * src/filesystem/dir-common.h (_Dir_base): Add nofollow flag to constructor and when it's set use ::open with O_NOFOLLOW and O_DIRECTORY. * src/filesystem/dir.cc (_Dir): Add nofollow flag to constructor and pass it to base class constructor. (directory_iterator): Pass nofollow flag to _Dir constructor. (fs::recursive_directory_iterator::increment): Likewise. * src/filesystem/ops.cc (remove_all): Use nofollow option for directory_iterator constructor. Move error check outside loop. (cherry picked from commit c8bd4dc8212e43b2f9af08b80df97f90cdb0df4f)=