Flaw in Rust Could Lead to File and Directory Deletion

The makers of the Rust programming language plan to release a patch for a serious security vulnerability that could have allowed an attacker to trick a privileged program into deleting certain directories and files that the attacker should not be able to access.

The flaw is found in Rust versions 1.0.0 through 1.58.0 and is the result of a missing check in a standard library function. The check is intended to ensure that the library does not recursively remove symbolic links, or symlinks, that provide references to other files or directories on a system. Rust maintainers released an advisory on Friday stating that although the check is present in the std::fs::remove_dir_all function, it does not work as expected.

“Unfortunately, this check was not implemented correctly in the standard library, which resulted in a TOCTOU (Time-of-check Time-of-use) race condition. Instead of telling the system not to follow the symbolic links, the standard library first checked if the thing it was about to delete was a symbolic link, otherwise it would recursively delete the directory”, advisory said.

“This exposed a race condition: an attacker could create a directory and replace it with a symbolic link between verification and actual deletion. While this attack probably won’t work the first time it’s attempted, in our experimentation we were able to perform it reliably within seconds.

All versions of Rust from 1.0 to 1.58.0 are vulnerable to this issue, and maintainers said they plan to release a fix for the bug later Friday. The updated version will be 1.58.1.

“We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs that are supposed to run in privileged contexts (including system daemons and setuid binaries), because those- ci have the greatest risk of being affected by this,” Rust said. says the council.

Rust is used to build software on a variety of platforms, and many modern tools and cloud applications have components written in Rust.

Comments are closed.