1
0
mirror of https://github.com/vlang/v.git synced 2023-08-10 21:13:21 +03:00
v/vlib/os
Thomas Mangin 580d9cedc7
termios: new termios module (#17792)
* termio: new termio module

move the tcgetattr and tcsetattr functions in a new termio module.
The code needed refactoring as different OS have different fields
size, position and number for the C.termios structure, which
could not be correctly expressed consitently otherwise.

It has the positive side effect to reduce the number of unsafe calls.
New testing code was also added for the readline module as it is
relying of the feature.

* apply 2023 copyright to the new files too
2023-03-30 08:58:52 +03:00
..
bare
cmdline
filelock vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
font all: 2023 copyright 2023-03-28 22:55:57 +02:00
notify checker: disallow enum initalization (#17361) 2023-02-19 22:22:07 +01:00
args.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
const_nix.c.v
const_windows.c.v checker: check int overflow for const vars (#16332) 2022-11-06 08:22:28 +03:00
const.v
debugger_darwin.c.v os: add #include <sys/types.h> to debugger_darwin.c.v, to fix bootstrapping on macOS <= 11 (#17446) 2023-03-01 00:06:12 +02:00
debugger_default.c.v os: move pub fn debugger_present() bool{ to platform-specific files (better ptrace portability handling) (#17373) 2023-02-21 10:55:03 +02:00
debugger_freebsd.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
debugger_linux.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
debugger_windows.c.v ci: fix bootstrapping on macos/freebsd etc 2023-02-21 12:30:35 +02:00
dir_expansions_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
environment_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
environment.c.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
environment.js.v
fd.c.v
file_test.v os: add test for os.open_append (#16846) 2023-01-03 01:11:35 +02:00
file.c.v all: replace generic <> with [] - part 2 (#16536) 2022-11-26 18:23:26 +02:00
file.js.v all: remove unnecessary IError() casts 2022-10-28 19:08:30 +03:00
filepath_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
filepath_windows.v
filepath.v checker: check option fn returning error (fix #17423) (#17438) 2023-03-02 15:49:50 +02:00
find_abs_path_of_executable_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
glob_test.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
inode_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
inode.c.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
open_uri_default.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
open_uri_windows.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_android_outside_termux.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
os_darwin.c.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
os_js.js.v os: return the long path for os.temp_dir() on windows, even for folders like c:\someth~1 (#17623) 2023-03-14 00:51:52 +02:00
os_linux.c.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
os_nix.c.v os: return the long path for os.temp_dir() on windows, even for folders like c:\someth~1 (#17623) 2023-03-14 00:51:52 +02:00
os_structs_dirent_default.c.v
os_structs_sigaction_default.c.v
os_structs_stat_default.c.v
os_structs_stat_linux.c.v
os_structs_utsname_default.c.v
os_test.v os: make hostname and loginname functions return Result (#17414) 2023-02-27 05:21:23 +03:00
os_windows.c.v os: return the long path for os.temp_dir() on windows, even for folders like c:\someth~1 (#17623) 2023-03-14 00:51:52 +02:00
os.c.v wasm: add a webassembly compiler backend, based on using binaryen (#17368) 2023-02-28 23:58:53 +02:00
os.js.v os: cleanup APIs returning !bool to either return ! or bool (#16111) 2022-10-20 13:56:06 +03:00
os.v all: 2023 copyright 2023-03-28 22:55:57 +02:00
password_nix.c.v termios: new termios module (#17792) 2023-03-30 08:58:52 +03:00
password_windows.c.v
process_nix.c.v all: fix dependant->dependent typos, cleanup comments 2022-12-02 12:51:10 +02:00
process_test.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process_windows.c.v os: add create_no_window parameter to Process (#17726) 2023-03-21 11:24:40 +02:00
process.c.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process.js.v vfmt: change all '$expr' to '${expr}' (#16428) 2022-11-15 16:53:13 +03:00
process.v os: add create_no_window parameter to Process (#17726) 2023-03-21 11:24:40 +02:00
README.md docs: fix typos using codespell (#17332) 2023-02-16 11:43:39 +02:00
signal_test.v
signal.c.v all: change optional to result of io (#16075) 2022-10-16 09:28:57 +03:00
signal.js.v os: return the long path for os.temp_dir() on windows, even for folders like c:\someth~1 (#17623) 2023-03-14 00:51:52 +02:00
signal.v

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.


A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack
if os.is_writable("file"){

    // >> time to make a quick attack (e.g. symlink /etc/passwd to >file<) <<

    mut f := os.create('path/to/file') ?
        // <do something with file>
    f.close()
}
TOCTOU not possible
mut f := os.create('path/to/file') or {
    println("file not writable")
}

// >> do something with file; file is locked <<

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

  • os.is_readable()
  • os.is_writable()
  • os.is_executable()
  • os.is_link()