{"id":48935,"date":"2022-01-29T01:59:56","date_gmt":"2022-01-29T06:59:56","guid":{"rendered":"https:\/\/euvolution.com\/open-source-convergence\/high-severity-rust-programming-bug-could-lead-to-file-directory-deletion-the-hacker-news.php"},"modified":"2022-01-29T01:59:56","modified_gmt":"2022-01-29T06:59:56","slug":"high-severity-rust-programming-bug-could-lead-to-file-directory-deletion-the-hacker-news","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/uncategorized\/high-severity-rust-programming-bug-could-lead-to-file-directory-deletion-the-hacker-news.php","title":{"rendered":"High-Severity Rust Programming Bug Could Lead to File, Directory Deletion &#8211; The Hacker News"},"content":{"rendered":"<p>The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.<\/p>\n<p>\"An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete,\" the Rust Security Response working group (WG) said in an advisory published on January 20, 2021.<\/p>\n<p>Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. 
The flaw, which is tracked as CVE-2022-21658 (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in Rust version 1.58.1 shipped last week.<\/p>\n<p>Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka symlinks) in a standard library function named \"std::fs::remove_dir_all.\" This results in a race condition, which, in turn, could be reliably exploited by an adversary by abusing their access to a privileged program to delete sensitive directories.<\/p>\n<p>\"Instead of telling the system not to follow symlinks, the standard library first checked whether the thing it was about to delete was a symlink, and otherwise it would proceed to recursively delete the directory,\" the advisory said. \"This exposed a race condition: an attacker could create a directory and replace it with a symlink between the check and the actual deletion.\"<\/p>\n<p>Rust, while not a widely-used programming language, has witnessed a surge in adoption in recent years for its memory-related safety guarantees. Last year, Google announced that its open-source version of the Android operating system will add support for the programming language to prevent memory safety bugs.<\/p>\n<p>See original here:<br \/>\n<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/thehackernews.com\/2022\/01\/high-severity-rust-programming-bug.html\" title=\"High-Severity Rust Programming Bug Could Lead to File, Directory Deletion - The Hacker News\">High-Severity Rust Programming Bug Could Lead to File, Directory Deletion - The Hacker News<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-48935","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/48935"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=48935"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/48935\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=48935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=48935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=48935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}