TOCTOU Bug for chmod #1175

ArielSAdamsNASA · 2021-10-05T17:16:16Z

Describe the bug
Calling function chmod that uses Filename after a check function. This can cause a time-of-check, time-of-use race condition.

Expected behavior
Use fchmod as seen in OS_FileChmod_Impl.

Code snips

osal/ut_assert/src/uttools.c

Lines 62 to 69 in 42af0f7

    
           if ((fp = fopen(Filename, "w"))) 
        
           { 
        
               if (stat(Filename, &dststat) == 0) 
        
               { 
        
                   chmod(Filename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)); 
        
                   stat(Filename, &dststat); 
        
               }

osal/ut_assert/src/uttools.c

Lines 111 to 117 in 42af0f7

    
           if ((fp = fopen(Filename, "w"))) 
        
           { 
        
               if (stat(Filename, &dststat) == 0) 
        
               { 
        
                   chmod(Filename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH)); 
        
                   stat(Filename, &dststat); 
        
               }

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Reporter Info
Ariel Adams, ASRC Federal

skliper · 2021-10-07T20:35:55Z

Could change to fstat and fchmod.

Fix nasa#1160, Shorten task info default filename

Fix #1175, Use fstat and fchmod for TOCTOU Bug

ArielSAdamsNASA added the bug label Oct 5, 2021

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 13, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

57dc1d8

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 13, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

678a0db

ArielSAdamsNASA mentioned this issue Oct 13, 2021

Fix #1175, Use fstat and fchmod for TOCTOU Bug #1181

Merged

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 13, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

db0f49a

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 13, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

ccc2a0c

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 13, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

41a8277

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 19, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

f62793c

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 19, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

b0ed67a

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 19, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

b1b6c9c

ArielSAdamsNASA pushed a commit to ArielSAdamsNASA/osal that referenced this issue Oct 19, 2021

Fix nasa#1175, Use fstat and fchmod for TOCTOU Bug

49c48c5

jphickey pushed a commit to jphickey/osal that referenced this issue Aug 10, 2022

Merge pull request nasa#1175 from skliper/fix1160-task_filename

99e9182

Fix nasa#1160, Shorten task info default filename

dzbaker added a commit that referenced this issue Oct 3, 2022

Merge pull request #1181 from ArielSAdamsNASA/fix-1175-toctou-bug-chmod

063221a

Fix #1175, Use fstat and fchmod for TOCTOU Bug

dzbaker closed this as completed in 9157b78 Oct 3, 2022

chillfig added the draco-rc4 label Feb 7, 2023

chillfig added this to the Draco milestone Feb 7, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TOCTOU Bug for chmod #1175

TOCTOU Bug for chmod #1175

ArielSAdamsNASA commented Oct 5, 2021

skliper commented Oct 7, 2021

TOCTOU Bug for chmod #1175

TOCTOU Bug for chmod #1175

Comments

ArielSAdamsNASA commented Oct 5, 2021

skliper commented Oct 7, 2021