-
-
Notifications
You must be signed in to change notification settings - Fork 950
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix ish-app/ish#2349 stop EACCES truncate with open #2352
base: master
Are you sure you want to change the base?
fix ish-app/ish#2349 stop EACCES truncate with open #2352
Conversation
…ead of a fstat after opening the file
Looks like this makes tests fail |
That's indeed worrying, I will look into it when I have time |
add potential vuln note
This time it should work @tbodt I ran the tests. I had to engage the inode lock before the stat Sorry for the delay tho |
We may need to increase the timeout delay to reduce false positives |
Actually there might be a better way that doesn't cripple the speed. but it might include a slight rework of the fd closing function. @tbodt Would you prefer that? |
What happened with the speed? If more things need to be refactored, more things need to be refactored :D This isn't a bad thing in itself. |
It seems fstat is that much faster than stat. I expected a bit of performance loss due to extra path finding overhead but not this much. Instead of checking before opening the file it might be a better idea to just write a better error handling function to compensate. |
Relocate the permission check for the
generic_openat
function to before opening the back-end.This mitigates the case where open is called on the file back-end even if the user is not allowed to.
Opening the back-end prematurely can cause truncation of the file in question by the error handler.
This seemed like an easy issue to fix so i tried fixing it.
This is my first PR in this Repository, If i made any mistakes let me know!