GHSA-8425-8r2f-mrv6
GitHub Security Advisory
Dragonfly's directories created via os.MkdirAll are not checked for permissions
Advisory Details
### Impact
DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path already exists. This allows a local attacker to create a directory to be used later by DragonFly2 with broad permissions before DragonFly2 does so, potentially allowing the attacker to tamper with the files.
Eve has unprivileged access to the machine where Alice uses DragonFly2. Eve watches the commands executed by Alice and introduces new directories/paths with 0777 permissions before DragonFly2 does so. Eve can then delete and forge files in that directory to change the results of further commands executed by Alice.
### Patches
- Dragonfy v2.1.0 and above.
### Workarounds
There are no effective workarounds, beyond upgrading.
### References
A third party security audit was performed by Trail of Bits, you can see the [full report](https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf).
If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected]).
Affected Packages
Related CVEs
Key Information
Dataset
Data from GitHub Advisory Database. This information is provided for research and educational purposes.