Fixed insecure path handling in `StatusSocket.swift` where POSIX file APIs (`open()`) were called with raw path variables, leading to unsafe filesystem representations. Replaced raw POSIX calls with safe C-string pointer wrappers (`URL(fileURLWithPath:).withUnsafeFileSystemRepresentation`) to securely bridge file paths.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: acebytes <2820910+acebytes@users.noreply.github.com>
**Vulnerability:** Insecure file creation due to missing O_NOFOLLOW flag.
139
139
**Learning:** Using `open()` with `O_CREAT` but without `O_NOFOLLOW` and `O_EXCL` allows an attacker to conduct a TOCTOU symlink attack to truncate or overwrite unintended target files.
140
140
**Prevention:** Always combine `O_CREAT` with `O_NOFOLLOW` when creating files, and prefer explicit octal permissions like `0o600` over bitmasks.
141
+
142
+
## 2024-06-20 - Unsafe Path Bridging in StatusSocket
143
+
**Vulnerability:** Calling `open(2)` with raw Swift `String` paths in `StatusSocket.swift` creates an unsafe filesystem representation.
144
+
**Learning:** Passing Swift `String` paths implicitly to C functions can result in memory issues or incorrect path resolution if the string is not null-terminated or is moved in memory.
145
+
**Prevention:** Always use `URL(fileURLWithPath:).withUnsafeFileSystemRepresentation` to obtain the correct C-string pointer when bridging file paths to POSIX APIs.
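Review bot: the **Learning** line of the new 2024-06-20 entry gives a rationale that does not match how Swift bridges strings. A `String` passed implicitly to a C `const char *` parameter is handed over as a null-terminated temporary buffer that stays valid for the duration of that call, so "not null-terminated or is moved in memory" is not the failure mode of a direct `open()` call. The risk is a pointer that escapes the call. Suggest rewording the line to state what `withUnsafeFileSystemRepresentation` actually provides: the path in file-system representation, with the pointer lifetime scoped to the closure. The **Prevention** line should also note that the closure receives an optional pointer, so the nil case has to fail closed instead of being force-unwrapped, and that the `O_NOFOLLOW` guidance from the entry directly above still applies to the wrapped `open()` call.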