Lighttpd - Bug #2724: security: stat cache *very large* race condition if caching when follow_symlink disabled
https://redmine.lighttpd.net/issues/2724?journal_id=9299 2016-04-06T04:25:33Z gstrauss
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Patch Pending</i></li></ul>
https://redmine.lighttpd.net/issues/2724?journal_id=9303 2016-04-06T04:27:36Z gstrauss
<ul><li><strong>Category</strong> set to <i>core</i></li></ul>
https://redmine.lighttpd.net/issues/2724?journal_id=9371 2016-04-12T21:02:02Z stbuehler
<p>I'd say the FAM stat cache way should still work.</p>
<p>As an option to patching, we could document explicitly somehow that the cache should be disabled when disabling follow symlink.</p>
https://redmine.lighttpd.net/issues/2724?journal_id=9373 2016-04-12T21:49:54Z gstrauss
<p>Since there is already a stat() then open() race condition which can be exacerbated with busy I/O, I am okay with leaving the FAM behavior as-is as long as the documentation is also updated. Using FAM extends the race condition to the processing of the current list of ready non-blocking events.</p>
<p>Since the "simple" stat_cache is enabled by default and has up to a 1-second (huge) race condition, I would prefer to disable stat_cache if "simple" and !con->conf.follow_symlink. Yes, the sample configs and documentation should also be updated to be more explicit about this behavior.</p>
<p>When the next release is being prepared, I'd like to commit the following, plus documentation updates that I'll prepare separately.<br /><pre>
diff --git a/src/stat_cache.c b/src/stat_cache.c
index fa9b7cb..7691902 100644
--- a/src/stat_cache.c
+++ b/src/stat_cache.c
@@ -422,7 +422,7 @@ handler_t stat_cache_get_entry(server *srv, connection *con, buffer *name, stat_
if (buffer_is_equal(name, sce->name)) {
if (srv->srvconf.stat_cache_engine == STAT_CACHE_ENGINE_SIMPLE) {
- if (sce->stat_ts == srv->cur_ts) {
+ if (sce->stat_ts == srv->cur_ts && con->conf.follow_symlink) {
*ret_sce = sce;
return HANDLER_GO_ON;
}
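Review bot: The added con->conf.follow_symlink test on the sce->stat_ts == srv->cur_ts line has no comment explaining why a same-second entry is skipped, so it reads like an unrelated condition and is easy to drop in a later cleanup. Add a short comment above the if stating that an entry stat'ed earlier in the current second must not be reused when symlink following is disabled. The new condition sits only inside the STAT_CACHE_ENGINE_SIMPLE branch, so whatever follows that branch is unchanged by this hunk; say so in the commit message so that it is clearly the intended scope.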
</pre></p>
https://redmine.lighttpd.net/issues/2724?journal_id=9668 2016-05-23T06:33:08Z gstrauss
<ul><li><strong>Target version</strong> changed from <i>1.4.x</i> to <i>1.4.40</i></li></ul>
https://redmine.lighttpd.net/issues/2724?journal_id=9723 2016-06-15T07:49:27Z gstrauss
<ul><li><strong>Target version</strong> changed from <i>1.4.40</i> to <i>1.4.41</i></li></ul>
https://redmine.lighttpd.net/issues/2724?journal_id=10369 2016-07-30T08:20:06Z gstrauss
<ul><li><strong>Status</strong> changed from <i>Patch Pending</i> to <i>Fixed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[security] disable stat_cache if !follow-symlink (fixes #2724) disable stat_cache if server.foll..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/acd5e450b5b913c5ebd179292f120d18ade0b184">acd5e450b5b913c5ebd179292f120d18ade0b184</a>.</p>
https://redmine.lighttpd.net/issues/2724?journal_id=10371 2016-07-30T08:33:20Z gstrauss
<ul><li><strong>Private</strong> changed from <i>Yes</i> to <i>No</i></li></ul>
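The up-to-1-second window discussed in this issue, modelled as an added C example that is not lighttpd code: a one-entry cache reuses a result taken in the same second, first with the old condition and then with the condition from the patch. The names `struct entry`, `is_symlink_cached` and `answer_after_swap` are hypothetical, the use of `lstat()` as the symlink check is an assumption (the page does not show how lighttpd detects symlinks), and the fixed `cur_ts` stands in for `srv->cur_ts`.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical one-entry model of a timestamp-based stat cache. */
struct entry { char name[300]; struct stat st; time_t stat_ts; int valid; };

/* Returns 1 if path is reported as a symlink, 0 if not, -1 on error.
 * patched=0: reuse an entry stat'ed in the current second (old condition).
 * patched=1: reuse it only if follow_symlink is set (condition in the patch). */
static int is_symlink_cached(struct entry *e, const char *path, time_t cur_ts,
                             int follow_symlink, int patched) {
    int hit = e->valid && strcmp(e->name, path) == 0 && e->stat_ts == cur_ts;
    if (patched) hit = hit && follow_symlink;
    if (!hit) {                        /* miss: refresh from the filesystem */
        if (lstat(path, &e->st) != 0) return -1;
        snprintf(e->name, sizeof e->name, "%s", path);
        e->stat_ts = cur_ts; e->valid = 1;
    }
    return S_ISLNK(e->st.st_mode) ? 1 : 0;
}

/* Constructed scenario: a regular file is checked, then replaced by a symlink
 * within the same cache second. Returns the answer given after the swap. */
int answer_after_swap(int patched) {
    char dir[] = "/tmp/statcache-demo-XXXXXX", path[64], target[64];
    struct entry e = {0};
    time_t cur_ts = 1000;              /* fixed "server time": one second */
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/doc", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (!(f = fopen(path, "w"))) return -1; fclose(f);
    if (!(f = fopen(target, "w"))) return -1; fclose(f);
    int before = is_symlink_cached(&e, path, cur_ts, 0, patched);
    unlink(path);
    if (symlink(target, path) != 0) return -1;   /* path is now a symlink */
    int after = is_symlink_cached(&e, path, cur_ts, 0, patched);
    unlink(path); unlink(target); rmdir(dir);
    return before == 0 ? after : -1;
}
int main(void) {
    printf("old: %d, patched: %d\n", answer_after_swap(0), answer_after_swap(1));
    return 0;
}
```

With follow_symlink disabled, the old condition still answers "not a symlink" from the cached entry after the swap, while the patched condition forces a fresh `lstat()` and reports the symlink.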