| field | value | date |
|---|---|---|
| author | Damien Neil <dneil@google.com> | 2026-02-26 09:54:33 -0800 |
| committer | Gopher Robot <gobot@golang.org> | 2026-02-26 16:02:53 -0800 |
| commit | 657ed934e85dc575aad51356c4b437961e7c1313 (patch) | |
| tree | ea07172ac7209031370f0cb3759b3b67b588f6cb /src/runtime/malloc_generated.go | |
| parent | 753022f82fc54dab5e348fac3706a9df8afc5cb5 (diff) | |
| download | go-657ed934e85dc575aad51356c4b437961e7c1313.tar.xz | |
os: avoid escape from Root via ReadDir or Readdir
When reading the contents of a directory using
File.ReadDir or File.Readdir, the os.FileInfo was
populated on Unix platforms using lstat.
This lstat call is vulnerable to a TOCTOU race
and could escape the root.
For example:
- Open the directory "dir" within a Root.
  This directory contains a file named "file".
- Use File.ReadDir to list the contents of "dir",
  receiving an os.DirEntry for "dir/file".
- Replace "dir" with a symlink to "/etc".
- Use DirEntry.Info to retrieve the FileInfo for "dir/file".
  This FileInfo contains information on "/etc/file" instead.
This escape permits identifying the presence or absence of
files outside a Root, as well as retrieving stat metadata
(size, mode, modification time, etc.) for files outside a Root.
This escape does not permit reading or writing to files
outside a Root.
Fixes #77827
Fixes CVE-2026-27139
Change-Id: I40004f830c588e516aff8ee593d630d36a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/749480
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
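As an added regression check, not part of the commit above or of the Go tree, the following program reproduces the sequence the commit message describes inside a temporary directory and contrasts DirEntry.Info with Root.Lstat on the same relative path, so a build can be checked for the fix. It assumes a Go toolchain that has os.Root (Go 1.24 or later); the names ReadDirSwapCheck and Outcome and the sample files are constructed for this example.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
)

type Outcome struct {
	InfoErr      error // nil means DirEntry.Info returned a FileInfo
	InfoSize     int64 // from DirEntry.Info: 2 = inside file, 8 = outside file
	RootLstatErr error // Root.Lstat("dir/file"); non-nil means the escape was rejected
}

// ReadDirSwapCheck builds base/root/dir/file (2 bytes) and base/outside/file
// (8 bytes), lists "dir" through an os.Root, moves "dir" aside and replaces it
// with a symlink to "outside", then asks DirEntry.Info and Root.Lstat about it.
func ReadDirSwapCheck(base string) (out Outcome, err error) {
	rootDir, outside := filepath.Join(base, "root"), filepath.Join(base, "outside")
	dir := filepath.Join(rootDir, "dir")
	// Constructed sample files; the differing sizes reveal which one a stat hit.
	if err = errors.Join(os.MkdirAll(dir, 0o755), os.MkdirAll(outside, 0o755),
		os.WriteFile(filepath.Join(dir, "file"), []byte("in"), 0o644),
		os.WriteFile(filepath.Join(outside, "file"), []byte("outside!"), 0o644)); err != nil {
		return out, err
	}
	root, err := os.OpenRoot(rootDir)
	if err != nil {
		return out, err
	}
	defer root.Close()
	d, err := root.Open("dir")
	if err != nil {
		return out, err
	}
	defer d.Close()
	entries, err := d.ReadDir(-1) // DirEntry captured before the swap
	if err != nil || len(entries) != 1 {
		return out, errors.New("unexpected ReadDir result")
	}
	// The race step from the commit message: "dir" now points outside the root.
	if err = errors.Join(os.Rename(dir, filepath.Join(base, "aside")), os.Symlink(outside, dir)); err != nil {
		return out, err
	}
	var fi os.FileInfo
	if fi, out.InfoErr = entries[0].Info(); out.InfoErr == nil {
		out.InfoSize = fi.Size()
	}
	// Root.Lstat re-resolves "dir/file" under the root's rules and rejects the symlink.
	_, out.RootLstatErr = root.Lstat("dir/file")
	return out, nil
}
```

On a toolchain without the fix, InfoSize comes back as 8 (the outside file); with the fix it is either 2 or an error, while Root.Lstat refuses the path in both cases.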
Diffstat (limited to 'src/runtime/malloc_generated.go')
0 files changed, 0 insertions, 0 deletions
