rofl0r / proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects them through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from the github release page instead.
http://sourceforge.net/projects/proxychains-ng/files
GNU General Public License v2.0

TOCTTOU in usage of `access()` #539

Open guijan opened 11 months ago

guijan commented 11 months ago

https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use

There's no guarantee that the information access() returns is valid after it returns.

This function should be removed and its caller should be reworked to use open(): https://github.com/rofl0r/proxychains-ng/blob/d5cc80ae1666facf079b58996d9061eb0ebe9964/src/common.c#L77-L81

There's a 2nd usage of access() in the source code, but it's not a bug because there's no way to do what it does with file descriptors: https://github.com/rofl0r/proxychains-ng/blob/d5cc80ae1666facf079b58996d9061eb0ebe9964/src/main.c#L122-L129

rofl0r commented 11 months ago

i'm aware of TOCTTOU and its implications, but i figure the chances of proxychains.conf disappearing between the check and the usage are too small to be relevant. in all the years maintaining this program this theoretical issue has not once surfaced in a practical issue report.