Message-ID: <877bplfrai.fsf@gmail.com>
Date: Sat, 02 May 2026 14:13:57 -0700
From: Collin Funk <collin.funk1@...il.com>
To: oss-security@...ts.openwall.com
Cc: Jan Schaumann <jschauma@...meister.org>
Subject: Re: uutils coreutils CVEs

Jan wrote:

> Collin Funk <collin.funk1@...il.com> wrote:
> >
> > We can see that uutils 'mkfifo' creates the fifo with world readable and
> > writable permissions and then uses chmod() 
> >
> >
> >     umask(000)                              = 002
> >     umask(002)                              = 000
> >     mknodat(AT_FDCWD, "/tmp/fifo", S_IFIFO|0666) = 0
> 
> Minor difference, and not disputing the race condition
> here, but doesn't this initially yield a fifo with
> mode 664, not 666 due to the umask(002) right before?
> 
> I.e., not _world_ writable (although _group_ writable),
> even prior to chmod(2).

Yes, I should have probably adjusted my example:

    $ mkfifo --version
    mkfifo (uutils coreutils) 0.8.0
    $ (umask 0; strace mkfifo -m 700 /tmp/fifo)
    [...]
    umask(000)                              = 000
    umask(000)                              = 000
    mknodat(AT_FDCWD, "/tmp/fifo", S_IFIFO|0666) = 0
    chmod("/tmp/fifo", 0700)

Thanks,
Collin
