[cfe-dev] [libc++][RFC] Implementing Directory Entry Caching for Filesystem

David Chisnall via cfe-dev cfe-dev at lists.llvm.org
Wed Jul 18 11:00:17 PDT 2018


On 18 Jul 2018, at 17:52, Aaron Ballman via cfe-dev <cfe-dev at lists.llvm.org> wrote:
> 
> "This doesn't introduce new security issues, it just makes existing
> ones worse" is not an argument that leaves me with warm, fuzzy
> feelings. The goal is obviously to prevent the TOCTOU bugs in the
> first place, but if we cannot achieve that, we shouldn't exacerbate
> the TOCTOU problems only because we can't achieve the ideal.

There is a long history of intentionally making security bugs 'worse' to improve security.  Many memory safety techniques, for example, turn a possibly-benign buffer overflow into a segmentation violation.  Now, rather than silent memory corruption that might not be a problem in the absence of a malicious adversary, you get an obvious bug that you have to fix.

The filesystem API seems poorly designed on many levels, but turning a security vulnerability that is only triggered in the presence of an attacker into a bug that is likely to affect normal users seems like a good model in general.  The more likely a bug is to occur, the more likely it is to be fixed.

David
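The race the thread is arguing about, made concrete. This is an added example and is not code from the thread or from libc++: it constructs a std::filesystem::directory_entry (whose path constructor calls refresh() and caches the file type, as the standard requires), swaps the file for a directory to stand in for an attacker winning the check-to-use window, and then compares the cached answer, a fresh stat() of the path, the answer after refresh(), and the answer from fstat() on the descriptor actually opened. It assumes a POSIX system with a C++17 <filesystem>, a writable temp directory, and uses a hypothetical scratch directory name and sample file content constructed for the demo.

```cpp
// Added example (not from the thread or from libc++): a deterministic TOCTOU
// race against a cached std::filesystem::directory_entry. The "check" reads the
// cached file type; between check and use the path is swapped for a directory.
// Assumes POSIX (Linux) and a C++17 <filesystem> whose directory_entry(path)
// constructor calls refresh() and caches the result, as the standard requires.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include <cstdio>
#include <filesystem>
#include <fstream>
#include <string>

namespace fs = std::filesystem;

struct RaceResult {
    bool regular_before_swap;   // cached answer right after construction
    bool cached_after_swap;     // the same cached answer after the swap: stale
    bool fresh_after_swap;      // fs::is_regular_file(path): a new stat() call
    bool refreshed_after_swap;  // entry.refresh() re-stats and updates the cache
    bool fd_check_after_swap;   // fstat() of the descriptor actually opened
};

// Runs the race deterministically: there is no attacker thread, the "race
// window" is simply the code between the cached check and the use.
RaceResult simulate_swap() {
    // Hypothetical scratch directory under the system temp dir.
    const fs::path dir = fs::temp_directory_path() /
        fs::path("directory_entry_toctou_" + std::to_string(::getpid()));
    fs::remove_all(dir);
    fs::create_directories(dir);
    const fs::path target = dir / "victim.txt";
    {
        std::ofstream out(target);
        out << "constructed sample content\n";  // constructed sample data
    }

    RaceResult r{};

    // CHECK: the constructor calls refresh(), so the file type is cached now.
    fs::directory_entry entry(target);
    r.regular_before_swap = entry.is_regular_file();

    // RACE WINDOW: replace the regular file with a directory, as an attacker
    // with write access to the parent could do between check and use.
    fs::remove(target);
    fs::create_directory(target);

    // The cached answer is stale; a fresh stat() of the same path disagrees.
    r.cached_after_swap = entry.is_regular_file();
    r.fresh_after_swap = fs::is_regular_file(entry.path());

    // refresh() re-queries the filesystem and replaces the cached values, but
    // that only narrows the window between check and use; it does not close it.
    entry.refresh();
    r.refreshed_after_swap = entry.is_regular_file();

    // USE: the robust pattern is to open first and decide on the descriptor
    // you actually hold. O_NOFOLLOW refuses a symlink at the last component,
    // and fstat() cannot be raced because it describes the already-open object.
    const int fd = ::open(target.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    struct stat st {};
    r.fd_check_after_swap =
        (fd >= 0 && ::fstat(fd, &st) == 0 && S_ISREG(st.st_mode));
    if (fd >= 0) {
        ::close(fd);
    }

    fs::remove_all(dir);
    return r;
}

int main() {
    const RaceResult r = simulate_swap();
    std::printf("regular before swap:       %d\n", r.regular_before_swap);
    std::printf("cached after swap (stale): %d\n", r.cached_after_swap);
    std::printf("fresh stat after swap:     %d\n", r.fresh_after_swap);
    std::printf("after refresh():           %d\n", r.refreshed_after_swap);
    std::printf("fstat() of opened fd:      %d\n", r.fd_check_after_swap);
    return 0;
}
```

The cached directory_entry keeps answering "regular file" after the object on disk has changed, which is the behaviour the thread is weighing: with caching, any code that checks an entry and then acts on the path sees the stale answer whenever the directory changes under it, attacker or not. The fd_check_after_swap field shows the pattern that sidesteps the question entirely: never make a security decision from a stat() of a path, cached or fresh; open the object, then inspect the descriptor with fstat().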



