Mirror of https://github.com/rust-lang/rust.git (synced 2025-10-19 19:40:36 +00:00)

library: explain TOCTOU races in `fs::remove_dir_all`

In the previous description it said there was a TOCTOU race but did not explain exactly what the problem was. I sat down with the CVE, reviewed its text, and created this explanation. This context should hopefully help people understand the actual risk as-such.

Incidentally, it also fixes the capitalization on the name of Redox OS.

Original CVE and advisory:

- CVE: https://www.cve.org/CVERecord?id=CVE-2022-21658
- security advisory: https://groups.google.com/g/rustlang-security-announcements/c/R1fZFDhnJVQ?pli=1
- github cross-post: https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2