1
0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
v/vlib/os
2023-03-02 15:49:50 +02:00
..
bare
cmdline
filelock
font
notify checker: disallow enum initalization (#17361) 2023-02-19 22:22:07 +01:00
args.v
const_nix.c.v
const_windows.c.v
const.v
debugger_darwin.c.v os: add #include <sys/types.h> to debugger_darwin.c.v, to fix bootstrapping on macOS <= 11 (#17446) 2023-03-01 00:06:12 +02:00
debugger_default.c.v os: move pub fn debugger_present() bool{ to platform-specific files (better ptrace portability handling) (#17373) 2023-02-21 10:55:03 +02:00
debugger_freebsd.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
debugger_linux.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
debugger_windows.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
dir_expansions_test.v
environment_test.v
environment.c.v
environment.js.v
fd.c.v
file_test.v
file.c.v
file.js.v
filepath_test.v
filepath_windows.v
filepath.v checker: check option fn returning error (fix #17423) (#17438) 2023-03-02 15:49:50 +02:00
find_abs_path_of_executable_test.v
glob_test.v
inode_test.v
inode.c.v
open_uri_default.c.v
open_uri_windows.c.v
os_android_outside_termux.c.v
os_darwin.c.v
os_js.js.v
os_linux.c.v
os_nix.c.v os: make hostname and loginname functions return Result (#17414) 2023-02-27 05:21:23 +03:00
os_structs_dirent_default.c.v
os_structs_sigaction_default.c.v
os_structs_stat_default.c.v
os_structs_stat_linux.c.v
os_structs_utsname_default.c.v
os_test.v os: make hostname and loginname functions return Result (#17414) 2023-02-27 05:21:23 +03:00
os_windows.c.v os: make hostname and loginname functions return Result (#17414) 2023-02-27 05:21:23 +03:00
os.c.v wasm: add a webassembly compiler backend, based on using binaryen (#17368) 2023-02-28 23:58:53 +02:00
os.js.v
os.v os: fix default result of os.temp_dir() for termux (#17237) 2023-02-07 00:07:35 +02:00
password_nix.c.v os,term: fix C.tcsetattr declaration (add missing int return type) 2023-02-13 15:16:23 +02:00
password_windows.c.v
process_nix.c.v
process_test.v
process_windows.c.v
process.c.v
process.js.v
process.v
README.md docs: fix typos using codespell (#17332) 2023-02-16 11:43:39 +02:00
signal_test.v
signal.c.v
signal.js.v
signal.v

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.


A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do something with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()