Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-132620

QSaveFile follows symlinks unconditionally

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 6.8.1, 6.9.0 Beta1
    • Core: I/O
    • None
    • 3
    • Foundation Sprint 122, Foundation Sprint 123, Foundation Sprint 124, Foundation Sprint 125, Foundation Sprint 126, Foundation Sprint 127

    Description

      QSaveFile follows symlinks unconditionally since https://codereview.qt-project.org/c/qt/qtbase/+/86396, but this is not always the desired behaviour.

      When writing files to a disk cache, e.g., following symlinks out of
      the cache directory is not needed; doing it nonetheless could pose a
      security risk (by leveraging any elevated permissions the user of
      QSaveFile may have over someone that can just create files in the
      cache dir).

      QTemporaryFile is not a replacement, because its rename() method
      refuses to overwrite existing files. So Qt API doesn't have a way to
      express the classical Unix pattern of mktmp + mv to safely escape
      symlink attacks (see also the old bug-report QTBUG-2082, which I
      reopened as a result).

      So, we should add a mode to QSaveFile that makes it not follow symlinks. We might also want to add a variant of QTemporaryFile::rename() that does overwrite.

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-132620
          # Subject Branch Project Status CR V

          Activity

            People

              mmutz Marc Mutz
              mmutz Marc Mutz
              Vladimir Minenko Vladimir Minenko
              Alex Blasche Alex Blasche
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: