Skip to content

feat: Expand safe directory traversal to all Unix platforms and fix related type conversions. #9792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
abendrothj wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: Expand safe directory traversal to all Unix platforms and fix related type conversions. #9792

abendrothj wants to merge 3 commits into from
+56 −66

Conversation

@abendrothj
Copy link

@abendrothj abendrothj commented Dec 23, 2025
edited
Loading

feat: enable safe traversal on all Unix platforms

Expands the safe_traversal module support from target_os = "linux" to unix, enabling security improvements (specifically preventing TOCTOU races) on macOS and BSDs.

Changes:

  • Feature Guards: Replaced #[cfg(target_os = "linux")] with #[cfg(unix)] in uucore, du, chmod, and rm.
  • Refactoring: Renamed src/uu/rm/src/platform/linux.rs to unix.rs to reflect the broader platform support.
  • Type Safety: Added necessary type casts in safe_traversal.rs and du.rs to handle platform-specific differences in libc types (e.g., mode_t).

Verification:
Verified with cargo test on macOS.

Closes #9747

@github-actions
Copy link

github-actions bot commented Dec 23, 2025

GNU testsuite comparison:

Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

sylvestre
sylvestre requested changes Dec 23, 2025
View reviewed changes
Copy link
Contributor

@sylvestre sylvestre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plenty of jobs are failing, please fix them

@abendrothj
fix: Fix type conversion errors and add TOCTOU to dictionary
9cd62b3 
- Use 'as u64' casts with clippy::unnecessary_cast suppression for
  st_nlink and st_ino to handle platform-specific type differences
- Add TOCTOU (time-of-check time-of-use) to cspell dictionary

Fixes compilation errors on FreeBSD, OpenBSD, and Android where
libc types differ from Linux/macOS (st_nlink is u16, st_ino is u32).
The cast is unnecessary on some platforms but required on others,
hence the clippy suppression.
@abendrothj
Merge branch 'main' of https://github.com/uutils/coreutils into main
f1c7082 
Resolved merge conflict in src/uu/du/src/du.rs by keeping the unix
cfg guard (not target_os = "linux") to align with the PR's goal of
expanding safe_traversal to all Unix platforms.
@abendrothj abendrothj requested a review from sylvestre December 27, 2025 15:11
@sylvestre
Copy link
Contributor

sylvestre commented Dec 27, 2025

Still a few job failures

@github-actions
Copy link

github-actions bot commented Dec 27, 2025

GNU testsuite comparison:

GNU test failed: tests/cp/cp-mv-enotsup-xattr. tests/cp/cp-mv-enotsup-xattr is passing on 'main'. Maybe you have to rebase?
Note: The gnu test tests/csplit/csplit-io-err was skipped on 'main' but is now failing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sylvestre sylvestre Awaiting requested review from sylvestre

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Safe traversal module only enabled on Linux

2 participants

@abendrothj @sylvestre