A vulnerability (CVE-2022-21658) has been identified in the Rust standard library: a race condition in the std::fs::remove_dir_all() function. If this function is used to delete temporary files in a privileged application, an attacker can delete arbitrary system files and directories that they would normally have no permission to remove.
The vulnerability is caused by an incorrect symbolic-link check during recursive directory removal. Instead of refusing to follow symbolic links, remove_dir_all() first checks whether the entry is a symbolic link: if it is, it is deleted as a file; if it is a directory, the recursive content-removal operation is invoked. The problem is that there is a small delay between the check and the start of the removal operation.
In the window after the check has been made but before the recursive removal of the directory has begun, the attacker can replace the directory of temporary files with a symbolic link. If this succeeds, remove_dir_all() treats the symbolic link as a directory and deletes the contents of whatever the link points to. Although the attack depends on timing the replacement precisely, and hitting the right moment on the first try is unlikely, in their experiments the researchers achieved a repeatable successful attack within a few seconds.
All Rust versions from 1.0.0 to 1.58.0 inclusive are affected. So far the problem is fixed only in the form of a patch (the fix will be included in release 1.58.1, which is expected within a few hours). The status of the fix in distributions can be followed on these pages: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch, FreeBSD. For all Rust programs that run with elevated privileges and use the remove_dir_all function, an urgent update of Rust to version 1.58.1 is recommended. Notably, the released patch does not solve the problem on all systems: for example, on Redox OS and on macOS versions before 10.10 (Yosemite) the vulnerability is not blocked because of the absence of the O_NOFOLLOW flag, which disables following symbolic links.
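To make the O_NOFOLLOW mitigation concrete, here is an added example (not code from the Rust project) of a hardened recursive delete written in C against POSIX: each directory is opened with O_NOFOLLOW and every subsequent stat, open and unlink is performed relative to that descriptor, so a directory swapped for a symbolic link after the check is refused instead of followed. The fixture function, its paths and file names are constructed for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Delete everything below the directory open at dirfd (takes ownership of it).
 * Every call is relative to the descriptor, so a path component swapped for a
 * symlink after the open cannot redirect the deletion elsewhere. */
static int remove_tree_fd(int dirfd) {
    DIR *d = fdopendir(dirfd);
    if (!d) { close(dirfd); return -1; }
    int rc = 0; struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        struct stat st; /* inspect the entry itself, never a symlink's target */
        if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) { rc = -1; continue; }
        if (S_ISDIR(st.st_mode)) {
            /* O_NOFOLLOW closes the check-to-use window: a symlink swapped in
             * since fstatat makes openat fail with ELOOP instead of being followed. */
            int child = openat(dirfd, e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
            if (child < 0 || remove_tree_fd(child) != 0) { rc = -1; continue; }
            if (unlinkat(dirfd, e->d_name, AT_REMOVEDIR) != 0) rc = -1;
        } else if (unlinkat(dirfd, e->d_name, 0) != 0) { /* regular file or the link itself */
            rc = -1;
        }
    }
    closedir(d); /* also closes dirfd */
    return rc;
}
/* Hardened remove_dir_all: a symbolic link at the top level is refused as well. */
int remove_dir_all_nofollow(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0 || remove_tree_fd(fd) != 0) return -1;
    return rmdir(path); /* rmdir never follows symlinks */
}
/* Constructed fixture (hypothetical paths): returns 1 if tmp/ is removed while
 * victim/keep.txt, reachable through a symlink inside tmp/, is left untouched. */
int symlink_target_survives(void) {
    char base[] = "/tmp/cve-2022-21658-XXXXXX";
    if (!mkdtemp(base) || chdir(base) != 0) return 0;
    mkdir("victim", 0700); close(open("victim/keep.txt", O_CREAT | O_WRONLY, 0600));
    mkdir("tmp", 0700); mkdir("tmp/sub", 0700); close(open("tmp/sub/junk", O_CREAT | O_WRONLY, 0600));
    symlink("../victim", "tmp/link"); /* stands in for the link the race would plant */
    int refused = remove_dir_all_nofollow("tmp/link") != 0;   /* top-level link: ELOOP */
    int gone = remove_dir_all_nofollow("tmp") == 0 && access("tmp", F_OK) != 0;
    return refused && gone && access("victim/keep.txt", F_OK) == 0;
}
```

On platforms without O_NOFOLLOW (the Redox OS and pre-Yosemite macOS cases mentioned above) the open() call cannot express this refusal, which is why the same patch leaves them unprotected.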