os: use minimal file permissions when opening parent directory in RemoveAll

On Windows, the process might not have read permission on the parent
directory, but still can delete files in it. This change allows
RemoveAll to open the parent directory with minimal permissions, which
is sufficient for deleting child files.

Fixes #74134.

Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-longtest,gotip-windows-arm64
Change-Id: I5d5c5977caaebf6e0f93fb2313b0ceb346f70e05
Reviewed-on: https://go-review.googlesource.com/c/go/+/684515
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>

1 files changed, 10 insertions, 1 deletions

diff --git a/src/os/removeall_at.go b/src/os/removeall_at.go
index a613aeeb91..5ddc1ade61 100644
--- a/src/os/removeall_at.go
+++ b/src/os/removeall_at.go
@@ -8,6 +8,7 @@ package os
 
 import (
 	"io"
+	"runtime"
 	"syscall"
 )
 
@@ -34,7 +35,15 @@ func removeAll(path string) error {
 	// its parent directory
 	parentDir, base := splitPath(path)
 
-	parent, err := Open(parentDir)
+	flag := O_RDONLY
+	if runtime.GOOS == "windows" {
+		// On Windows, the process might not have read permission on the parent directory,
+		// but still can delete files in it. See https://go.dev/issue/74134.
+		// We can open a file even if we don't have read permission by passing the
+		// O_WRONLY | O_RDWR flag, which is mapped to FILE_READ_ATTRIBUTES.
+		flag = O_WRONLY | O_RDWR
+	}
+	parent, err := OpenFile(parentDir, flag, 0)
 	if IsNotExist(err) {
 		// If parent does not exist, base cannot exist. Fail silently
 		return nil