Coverity Scan's TOCTOUs
Sergey A. Osokin
osa at freebsd.org.ru
Sun Dec 14 19:57:31 UTC 2025
Hi,
hope you're doing well.
I've tried to figure out how to deal with the TOCTOUs, found by Coverity
Scan, https://scan.coverity.com/projects/freenginx.
So, I've created a PoC for that: it uses *at family functions (conforming
to POSIX.1-2008), such as mkdirat(2) and openat(2).
I do believe it's possible to fix TOCTOU issues similarly, but before
I start my work on that I'd like to hear your thoughts.
Thank you.
--
Sergey A. Osokin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.c
Type: text/x-csrc
Size: 1796 bytes
Desc: not available
URL: <http://freenginx.org/pipermail/nginx-devel/attachments/20251214/d0092484/attachment.c>