1
0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
v/vlib/os
2022-07-28 17:26:55 +03:00
..
bare
cmdline
filelock
font os: add font module, move from gg (#13144) 2022-01-13 12:16:18 +02:00
notify fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
args.v all: update copyright year 2022-01-04 12:21:12 +03:00
const_nix.c.v
const_windows.c.v
const.v
environment_test.v
environment.c.v all: wrap up unsafe { nil } (p. 3) 2022-07-21 21:01:30 +03:00
environment.js.v
fd.c.v all: ~500 more byte=>u8 2022-04-15 18:25:45 +03:00
file_test.v os: add File.reopen and File.eof methods (#15184) 2022-07-28 16:21:23 +03:00
file.c.v os: fix File.eof on FreeBSD (feof is a C macro there) 2022-07-28 17:26:55 +03:00
file.js.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
filepath_test.v os: add windows_volume function (#14721) 2022-06-08 21:26:24 +03:00
filepath_windows.v os: correct description of windows_volume function (#14726) 2022-06-09 10:56:58 +03:00
filepath.v os: add windows_volume function (#14721) 2022-06-08 21:26:24 +03:00
find_abs_path_of_executable_test.v os: fix find_abs_path_of_executable function (on Windows) (#14835) 2022-06-23 03:36:15 +03:00
glob_test.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
inode_test.v vfmt: keep file permissions with -w on !windows (#13334) 2022-02-01 14:49:06 +02:00
inode.c.v vfmt: keep file permissions with -w on !windows (#13334) 2022-02-01 14:49:06 +02:00
open_uri_default.c.v os: add exo-open to the list of tried launchers in os.open_uri/1 (#14884) 2022-06-29 11:59:25 +03:00
open_uri_windows.c.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
os_android_outside_termux.c.v os: clean up usage of ANativeActivity, allow access to fields (#14948) 2022-07-05 16:30:10 +03:00
os_darwin.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_js.js.v os: add an optional "mode" parameter to os.mkdir and os.mkdir_all (#14887) 2022-06-30 13:49:47 +03:00
os_linux.c.v all: update copyright year 2022-01-04 12:21:12 +03:00
os_nix.c.v os: add an optional "mode" parameter to os.mkdir and os.mkdir_all (#14887) 2022-06-30 13:49:47 +03:00
os_structs_dirent_default.c.v
os_structs_sigaction_default.c.v
os_structs_stat_default.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_stat_linux.c.v checker: improve pub struct check (fix #14446) (#14777) 2022-06-19 17:42:22 +03:00
os_structs_utsname_default.c.v
os_test.v os: add File.reopen and File.eof methods (#15184) 2022-07-28 16:21:23 +03:00
os_windows.c.v all: wrap up unsafe { nil } (p. 3) 2022-07-21 21:01:30 +03:00
os.c.v os: add a security advisory for potential TOCTOU risks when using os.is_writable, os.is_executable etc (#15222) 2022-07-26 12:02:48 +03:00
os.js.v os: fix find_abs_path_of_executable function (on Windows) (#14835) 2022-06-23 03:36:15 +03:00
os.v os: restore the env TERMUX_VERSION based final resort for runtime auto detection of Termux 2022-07-08 11:16:53 +03:00
process_nix.c.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process_test.v fmt: remove space in front of ? and ! (#14366) 2022-05-13 06:56:21 +03:00
process_windows.c.v all: wrap up unsafe { nil } (p. 3) 2022-07-21 21:01:30 +03:00
process.c.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.js.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
process.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00
README.md os: add a security advisory for potential TOCTOU risks when using os.is_writable, os.is_executable etc (#15222) 2022-07-26 12:02:48 +03:00
signal_test.v checker: make using err.msg and err.code produce an *actual* notice, even with the present compatibility hack (will be *removed* in 2022-06-01) 2022-04-12 14:56:02 +03:00
signal.c.v
signal.js.v
signal.v all: replace "NB:" with "Note:" (docs/comments) 2022-03-06 20:01:22 +03:00

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.


A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do someting with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()