coreutils
chmod: Incomplete safe traversal/access
As of 3b0f47d1fda630be08209dd6ebfbe5723a3ecef9 from earlier today:
```
$ mkdir -p x/y/z
$ strace ./target/debug/chmod -R +x x
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
openat(AT_FDCWD, "x/y/z", O_RDONLY|O_CLOEXEC|O_DIRECTORY) = 5
```
We can see that while it uses the "safe" calls, it uses them with `AT_FDCWD` and the complete path instead of the path relative to the fd (here it would have to be `function(4, "z", ...)`, not `function(AT_FDCWD, "x/y/z", ...)`).
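
The fd-relative traversal the report asks for, shown at the syscall level in C as an added example (not the uutils code or its fix): every entry is opened relative to its parent's directory fd and changed through its own fd, so no full path is resolved again after the top-level argument. Assumptions: Linux, entries readable by the caller, and `0111` added unconditionally (umask handling of `+x` is left out); `add_x_fd` and `chmod_r_add_x` are hypothetical names.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Add execute bits to the object behind fd, then descend if it is a directory.
 * Takes ownership of fd. Returns 0 on success, -1 on the first error. */
static int add_x_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) < 0 || fchmod(fd, (st.st_mode & 07777) | 0111) < 0) {
        close(fd);
        return -1;
    }
    if (!S_ISDIR(st.st_mode))
        return close(fd);
    DIR *d = fdopendir(fd);                 /* d now owns fd */
    if (!d) { close(fd); return -1; }
    int rc = 0;
    struct dirent *e;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        /* Relative to the open directory: openat(4, "z", ...), not
         * openat(AT_FDCWD, "x/y/z", ...). O_NOFOLLOW refuses symlinks. */
        int child = openat(dirfd(d), e->d_name,
                           O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
        if (child < 0 && errno == ELOOP)
            continue;                       /* entry is a symlink: skip it */
        rc = child < 0 ? -1 : add_x_fd(child);
    }
    closedir(d);
    return rc;
}

/* Only the top-level argument is resolved from AT_FDCWD. */
int chmod_r_add_x(const char *root)
{
    int fd = openat(AT_FDCWD, root, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    return fd < 0 ? -1 : add_x_fd(fd);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    return chmod_r_add_x(argv[1]) == 0 ? 0 : 1;
}
```

Under `strace`, the recursive part of this walk shows `openat(<dirfd>, "<name>", ...)`, `fstat(<fd>)` and `fchmod(<fd>)` only; `AT_FDCWD` appears once, for the root argument.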