On 11/22/25 6:09 AM, Robert Elz wrote:
> Date: Sat, 22 Nov 2025 11:08:16 +0100
> From: Andreas Schwab <[email protected]>
> Message-ID: <[email protected]>
>
> | On Nov 21 2025, Chet Ramey wrote:
> |
> | > Yes, this defeats the bash check. I tend to agree with kre that this is
> | > a Linux kernel bug, but here we are.
> |
> | I don't think so. This can happen with any file (even "normal" regular
> | ones) if another process is modifying it just between the stat and the
> | read calls.
>
> It is a kernel bug if it doesn't correctly report the actual amount of
> data available to be read in the stat() interface ("always returns 4K"
> indeed!)
>
> Certainly there is a race condition between getting that size, and
> actually doing the read, but that's up to the application to decide what
> is right.

The open-fstat-malloc-read sequence can be raced, but generally a specific
file increases in size (log file, data file, etc.). The question is whether
a shell script (which is what this is) shrinking between the fstat and the
read is something to be concerned about. The security folks would probably
say it is.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU [email protected] http://tiswww.cwru.edu/~chet/
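
The open-fstat-malloc-read sequence discussed in this message, as an added example (not bash's code and not part of the original email): the fstat() size is used only as an allocation hint, and the length is whatever read() actually delivers, so a file that shrinks, grows, or reports a fixed size between the two calls is handled. The names read_all and read_whole_fd are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read fd to EOF. size_hint is only a starting capacity (normally st_size);
 * the length stored in *out_len is what read() actually delivered. */
char *read_all(int fd, size_t size_hint, size_t *out_len)
{
    size_t cap = size_hint + 1, len = 0;   /* +1 keeps room for the NUL */
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    for (;;) {
        if (len + 1 >= cap) {              /* data outgrew the hint: grow */
            size_t ncap = cap * 2;
            char *nbuf = ncap > cap ? realloc(buf, ncap) : NULL;
            if (nbuf == NULL) { free(buf); return NULL; }
            buf = nbuf;
            cap = ncap;
        }
        ssize_t n = read(fd, buf + len, cap - len - 1);
        if (n < 0) {
            if (errno == EINTR)
                continue;                  /* interrupted, retry */
            free(buf);
            return NULL;
        }
        if (n == 0)                        /* EOF, before or after the hint */
            break;
        len += (size_t)n;
    }
    buf[len] = '\0';                       /* terminate at the real length */
    *out_len = len;
    return buf;
}

/* The usual caller: take the hint from fstat(), trust only *out_len. */
char *read_whole_fd(int fd, size_t *out_len)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return NULL;
    return read_all(fd, st.st_size > 0 ? (size_t)st.st_size : 0, out_len);
}
```

Passing a stale size_hint to read_all reproduces both sides of the race deterministically: a hint larger than the data models a file that shrank after fstat(), a smaller one models a file that grew.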
