hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-21 20:28:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: TOCTOU race in setup symlink creation (C6)

Browse Source 
Remove the existence check before mkdir -p (it's idempotent) and validate
the target isn't already a symlink before creating the link. Prevents a
local attacker from racing between the check and mkdir to redirect
SKILL.md writes. Closes C6 from security audit #783.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-04-04 21:22:24 -07:00
parent c7fc5e5ca9
commit 37e4cf5754
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
setup
View File

@@ -296,11 +296,12 @@ link_claude_skill_dirs() {
rm -f "$target" rm -f "$target"
fi fi
# Create real directory with symlinked SKILL.md (absolute path) # Create real directory with symlinked SKILL.md (absolute path)
if [ ! -e "$target" ] || [ -d "$target" ]; then # Use mkdir -p unconditionally (idempotent) to avoid TOCTOU race
mkdir -p "$target" mkdir -p "$target"
ln -snf "$gstack_dir/$dir_name/SKILL.md" "$target/SKILL.md" # Validate target isn't a symlink before creating the link
linked+=("$link_name") if [ -L "$target/SKILL.md" ]; then rm "$target/SKILL.md"; fi
fi ln -snf "$gstack_dir/$dir_name/SKILL.md" "$target/SKILL.md"
linked+=("$link_name")
fi fi
done done
if [ ${#linked[@]} -gt 0 ]; then if [ ${#linked[@]} -gt 0 ]; then