#1782 TOCTOU race conditions by copying and removing directory trees
Closed: Fixed None Opened 6 years ago by jhrozek.

A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD, System Security Services Daemon, performed copying and removal of (user) directory trees.A local attacker, with permissions to write into directory of the victim, being actively / currently copied / removed via the sssd daemon facility, could use this flaw to conduct symbolic link attacks, leading to their ability to alter / remove directories outside of originally intended, to be modified, directory tree.

This issue was found by Florian Weimer of Red Hat Product Security Team.


Fields changed

owner: somebody => jhrozek
rhbz: => 884254
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.4

2 years ago

Login to comment on this ticket.

Metadata
Attachments 1
Attached 2 years ago View Comment