Ticket #1782 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

TOCTOU race conditions by copying and removing directory trees

Reported by: jhrozek
Owned by: jhrozek
Priority: critical
Milestone: SSSD 1.9.4
Component: SSSD
Version: 1.9.3
Keywords:
Cc:
Blocked By:
Blocking:
Sensitive:
Tests Updated: no
Coverity Bug:
Patch Submitted: yes
Red Hat Bugzilla: 884254
Design link:
Feature Milestone:
Design review: no
Fedora test page:
Chosen:
Candidate to push out:
Release Notes:
Temp mark:


A TOCTOU (time-of-check, time-of-use) race condition was found in the way SSSD (System Security Services Daemon) copied and removed (user) directory trees. A local attacker with write permission to a victim's directory that SSSD is currently copying or removing could use this flaw to conduct symbolic link attacks, and thereby alter or remove directories outside the tree that was intended to be modified.

This issue was found by Florian Weimer of Red Hat Product Security Team.
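As an added example (not SSSD's code and not the patch referenced by this ticket), the following C program shows the defensive pattern that closes this class of race when removing a tree: walk the tree with directory file descriptors (openat/fstatat/unlinkat) instead of path strings, open each directory with O_NOFOLLOW, and confirm by device/inode that the object opened is the one that was checked. It builds its own throw-away tree under /tmp containing a symlink that points outside the tree, removes the tree, and reports whether the outside directory survived. The names remove_tree_at and demo_symlink_is_not_followed, and the use of EAGAIN to report a detected race, are this example's own choices.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove the tree rooted at `name`, which lives directly below the open
 * directory `parent_fd`, without ever following a symbolic link.
 * Returns 0 on success, -1 on error (errno set). */
static int remove_tree_at(int parent_fd, const char *name)
{
    struct stat checked, opened;
    int dfd, ret = 0;
    DIR *d;
    struct dirent *ent;

    /* Check: inspect the entry itself, not whatever a symlink points to. */
    if (fstatat(parent_fd, name, &checked, AT_SYMLINK_NOFOLLOW) == -1)
        return -1;

    /* Regular files and symlinks are unlinked by name; a symlink is never
     * dereferenced, so its target outside the tree is untouched. */
    if (!S_ISDIR(checked.st_mode))
        return unlinkat(parent_fd, name, 0);

    /* Use: open the directory with O_NOFOLLOW.  If a symlink was swapped in
     * between the fstatat and this openat, the kernel fails with ELOOP. */
    dfd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd == -1)
        return -1;

    /* The object we hold open must be the object we checked (same dev/ino). */
    if (fstat(dfd, &opened) == -1 ||
        opened.st_dev != checked.st_dev || opened.st_ino != checked.st_ino) {
        close(dfd);
        errno = EAGAIN; /* example's choice: surface the race as a transient error */
        return -1;
    }

    d = fdopendir(dfd); /* the DIR now owns dfd; closedir() releases it */
    if (d == NULL) {
        close(dfd);
        return -1;
    }
    while ((ent = readdir(d)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        /* Recurse relative to the directory fd, never via a rebuilt path. */
        if (remove_tree_at(dirfd(d), ent->d_name) == -1) {
            ret = -1;
            break;
        }
    }
    closedir(d);
    if (ret == -1)
        return -1;

    /* The directory is now empty; remove it relative to its parent fd. */
    return unlinkat(parent_fd, name, AT_REMOVEDIR);
}

static void touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd != -1)
        close(fd);
}

/* Constructed scenario: base/victim contains a symlink to base/outside.
 * Returns 1 if removing "victim" left "outside" intact, 0 otherwise. */
int demo_symlink_is_not_followed(void)
{
    char base[] = "/tmp/toctou-demo-XXXXXX";
    char path[PATH_MAX];
    struct stat st;
    int basefd, rc, survived, victim_gone;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/outside", base);           mkdir(path, 0700);
    snprintf(path, sizeof path, "%s/outside/keep", base);      touch(path);
    snprintf(path, sizeof path, "%s/victim", base);            mkdir(path, 0700);
    snprintf(path, sizeof path, "%s/victim/sub", base);        mkdir(path, 0700);
    snprintf(path, sizeof path, "%s/victim/sub/file", base);   touch(path);
    snprintf(path, sizeof path, "%s/victim/link", base);       symlink("../outside", path);

    basefd = open(base, O_RDONLY | O_DIRECTORY);
    rc = remove_tree_at(basefd, "victim");

    snprintf(path, sizeof path, "%s/outside/keep", base);
    survived = (stat(path, &st) == 0);
    victim_gone = (fstatat(basefd, "victim", &st, AT_SYMLINK_NOFOLLOW) == -1 && errno == ENOENT);

    remove_tree_at(basefd, "outside"); /* clean up the scratch tree */
    close(basefd);
    rmdir(base);
    return (rc == 0 && survived && victim_gone) ? 1 : 0;
}

int main(void)
{
    printf("outside directory survived: %s\n",
           demo_symlink_is_not_followed() == 1 ? "yes" : "no");
    return 0;
}
```

The point of the dev/ino comparison is that fstatat and openat are two separate system calls; O_NOFOLLOW already rejects a symlink swapped in between them, and the comparison additionally catches a directory being replaced by a different directory (for example via a rename) in that window. A copy routine built the same way opens source and destination directories once and does every subsequent operation relative to those descriptors.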



Change History

comment:1 Changed 4 years ago by jhrozek

  • Owner changed from somebody to jhrozek
  • Status changed from new to assigned
  • Red Hat Bugzilla set to 884254

comment:2 Changed 4 years ago by jhrozek

  • Patch Submitted set

