Race Chmod

Indexed | Public repository | High | Medium confidence | Verified | GPL-2.0-only | c
greprules fetch gitlab-sast-c-race-rule-chmod --engine opengrep

Description

Usage of the `chmod` function call hints at a potential Time Of Check Time Of Use (TOCTOU) vulnerability. An attacker may be able to modify the file being specified by the `chmod` function prior to the `chmod` function being called. Since `chmod` will resolve symbolic links, an attacker may be able to exploit this fact to have files outside of their control
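The pattern this rule flags, next to a descriptor-based alternative, as an added example that is not part of the rule or its source repository. The function names, the `/tmp/chmod-race-XXXXXX` directory and the `work`/`victim` files are constructed for the demonstration, and the swap is done in-process to stand in for a concurrent change between check and use.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Flagged pattern: the mode change is applied by name and follows symlinks. */
static int set_mode_by_path(const char *path, mode_t mode) { return chmod(path, mode); }

/* Hardened form: open() binds to one inode and refuses a symlink in the final
 * component; the type check and fchmod() then act on that same inode. */
static int set_mode_by_fd(const char *path, mode_t mode)
{
    struct stat st;
    int rc = -1, fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;               /* ELOOP when path is a symlink */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Constructed scenario in a private temp dir: "work" passes a by-name check, is
 * swapped for a symlink to "victim" (0600), then the setter runs on "work".
 * Returns victim's permission bits afterwards, or -1 if setup failed. */
static int victim_mode_after(int (*setter)(const char *, mode_t))
{
    char dir[] = "/tmp/chmod-race-XXXXXX", work[64], victim[64];
    struct stat st;
    int fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(work, sizeof work, "%s/work", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if ((fd = creat(victim, 0600)) < 0) return -1;
    fchmod(fd, 0600); close(fd);         /* exact mode regardless of umask */
    if ((fd = creat(work, 0600)) < 0) return -1;
    close(fd);
    if (lstat(work, &st) != 0 || !S_ISREG(st.st_mode)) return -1;  /* check */
    if (unlink(work) != 0 || symlink(victim, work) != 0) return -1; /* swap */
    setter(work, 0666);                                             /* use */
    if (stat(victim, &st) != 0) return -1;
    unlink(work); unlink(victim); rmdir(dir);
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    printf("chmod by path: victim %o\n", (unsigned)victim_mode_after(set_mode_by_path));
    printf("fchmod by fd:  victim %o\n", (unsigned)victim_mode_after(set_mode_by_fd));
    return 0;
}
```

If the swap happens after `open()` instead, `fchmod` still changes only the inode that was opened and checked, not whatever the name points to later.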

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
