Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security improvement: open files with O_EXCL for writing #147

Open
vtjnash opened this issue Oct 25, 2022 · 3 comments · May be fixed by #148
Open

security improvement: open files with O_EXCL for writing #147

vtjnash opened this issue Oct 25, 2022 · 3 comments · May be fixed by #148

Comments

@vtjnash
Copy link

vtjnash commented Oct 25, 2022

When opening files for writing, this package probably never wants to overwrite an existing file. This can be prevented (including any race conditions) by setting the O_CREAT O_EXCL flag when opening files for writing. This would potentially avoid any security vulnerabilities being discovered by package users resulting from malicious tar files overwriting important files.

@vtjnash vtjnash changed the title security improvement: open files with O_CREAT for writing security improvement: open files with O_EXCL for writing Oct 25, 2022
@vtjnash
Copy link
Author

vtjnash commented Oct 25, 2022

ah, wait, sorry, the flag is O_CREAT | O_EXCL

@StefanKarpinski
Copy link
Member

Do we have an open flag for that?

@StefanKarpinski
Copy link
Member

Doesn't seem like we do. I guess I can use an internal open method, but maybe better to add an exclusive flag to the open function instead and then use it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants