Commit 162ce0b783ba837e5e690a5bde812341853e109b
2025-09-21T07:55:00
fchownat: fix security races and other bugs This fixes some unlikely security races, where our “no-op” chmod undid some other process’s chmod. Ironically this bug occurred on OpenBSD, our most paranoid target. This patch also fixes some EOVERFLOW bugs, along with a performance bug and a CHOWN_CHANGE_TIME_BUG with fchownat. * lib/chown.c, lib/fchownat.c, lib/lchown.c: Remove unnecessary inconsistencies. Include stat-time.h. (CHOWN_CHANGE_TIME_BUG, CHOWN_FAILS_TO_HONOR_ID_OF_NEGATIVE_ONE) (CHOWN_MODIFIES_SYMLINK, CHOWN_TRAILING_SLASH_BUG): Default to 0, and prefer ‘if (...)’ to ‘#ifdef ...’. (utimensat) [!HAVE_UTIMENSAT]: Default to a no-op. (rpl_chown, rpl_fchownat, rpl_lchown): Prefer ‘if (...)’ to ‘#ifdef ...’. Statically, call the stat-like and chown-like functions just once. Do not fail if the stat-like function fails with EOVERFLOW, if existence is all we care about. Use utimensat to update ctime, instead of a chmod-like function. * lib/fchownat.c (rpl_fchownat): Defend against OpenBSD’s CHOWN_CHANGE_TIME_BUG. This bug in rpl_fchownat was exposed by yesterday’s fix that caused rpl_fchownat to call fchownat instead of using the tricky old fork/chdir business. * m4/chown.m4 (gl_FUNC_CHOWN): Check for utimensat if the ctime bug is present. * modules/chown, modules/lchown, modules/fchownat: (Depends-on): Add stat-time.