[cfe-dev] [libc++][RFC] Implementing Directory Entry Caching for Filesystem
David Chisnall via cfe-dev
cfe-dev at lists.llvm.org
Wed Jul 18 11:00:17 PDT 2018
On 18 Jul 2018, at 17:52, Aaron Ballman via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> "This doesn't introduce new security issues, it just makes existing
> ones worse" is not an argument that leaves me with warm, fuzzy
> feelings. The goal is obviously to prevent the TOCTOU bugs in the
> first place, but if we cannot achieve that, we shouldn't exacerbate
> the TOCTOU problems only because we can't achieve the ideal.
There is a long history of intentionally making security bugs ‘worse’ to improve security. Many memory safety techniques, for example, turn a possibly-benign buffer overflow into a segmentation violation. Now, rather than silent memory corruption that might not be a problem in the absence of a malicious adversary, you get an obvious bug that you have to fix.
The filesystem API seems poorly designed on many levels, but turning a security vulnerability that is only triggered in the presence of an attacker into a bug that is likely to affect normal users seems like a good model in general. The more likely a bug is to occur, the more likely it is to be fixed.
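The check-to-use window the thread is arguing about, as an added example that is not part of this message or of libc++: a `directory_entry` snapshots attributes when it is constructed, so a later query may answer from that snapshot after the name has been pointed at a different object; `refresh()` re-queries the kernel, and holding a descriptor opened at check time pins the object so the later use cannot be redirected by a path swap. The scratch directory, the file name `config.txt`, the `Probe` struct and `run_probe()` are all constructed for this example; it assumes a POSIX system and a C++17 `<filesystem>`.

```cpp
#include <cstdlib>
#include <filesystem>
#include <fstream>
#include <iostream>
#include <stdexcept>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

namespace fs = std::filesystem;

// Three answers to "is this a regular file?", taken after the name was swapped.
struct Probe {
    bool cached_says_regular;  // from the directory_entry's cached attributes (may be stale)
    bool fresh_says_regular;   // after directory_entry::refresh()
    bool fd_says_regular;      // from fstat() on a descriptor opened at check time
};

// Constructed input: a unique scratch directory under the system temp dir.
static fs::path make_scratch() {
    std::string tmpl = (fs::temp_directory_path() / "toctou_demo_XXXXXX").string();
    const char* made = mkdtemp(tmpl.data());
    if (!made) throw std::runtime_error("mkdtemp failed");
    return fs::path(made);
}

Probe run_probe() {
    fs::path dir = make_scratch();
    fs::path target = dir / "config.txt";
    {
        std::ofstream out(target);
        out << "key=value\n";
    }

    // Check via the path API. Both libc++ and libstdc++ call refresh() in this
    // constructor, so the entry now carries a snapshot of the file's attributes.
    fs::directory_entry entry(target);

    // Defensive pattern: open the object once and keep the descriptor. Every
    // later question is asked of the fd, not of the name.
    int fd = open(target.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    // Simulate what a concurrent writer could do between the check and the use:
    // the same name now refers to a directory, not the file that was checked.
    fs::remove(target);
    fs::create_directory(target);

    Probe p{};
    p.cached_says_regular = entry.is_regular_file();  // answered from the snapshot
    entry.refresh();
    p.fresh_says_regular = entry.is_regular_file();   // re-queried: the directory
    struct stat st{};
    p.fd_says_regular = (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode));

    if (fd >= 0) close(fd);
    fs::remove_all(dir);
    return p;
}

int main() {
    Probe p = run_probe();
    std::cout << "cached: " << p.cached_says_regular
              << "  fresh: " << p.fresh_says_regular
              << "  fd: " << p.fd_says_regular << '\n';
    return 0;
}
```

Whether `cached_says_regular` comes back `true` depends on how much the implementation caches, which is exactly the behaviour the RFC proposes to change; the fresh query and the descriptor-based query do not depend on it, and the descriptor is the one that still refers to the object that was actually checked.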