--- FAIL: TestOpenFileCreateExclDanglingSymlink (0.00s)
--- FAIL: TestOpenFileCreateExclDanglingSymlink/InRoot (0.00s)
os_test.go:2320: OpenFile of a dangling symlink with O_CREATE|O_EXCL = <nil>, want ErrExist
os_test.go:2323: OpenFile of a dangling symlink with O_CREATE|O_EXCL created a file
https://build.golang.org/log/eb39f5381271bd9b5275d63a6b2031f7e51aa603
Comment From: gabyhelp
Related Issues
- os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows #73702 (closed)
- os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9 #73729 (closed)
- os: Testing re. hardlinks failing on macs. #30179 (closed)
Comment From: mknyszek
CC @neild maybe?
Comment From: neild
AIX's openat(2) returns ELOOP instead of EEXIST when refusing to follow a dangling symlink while opening a file with O_CREAT|O_EXCL. I think open(2) returns EEXIST, or the other half of this test would be failing.
This is similar to #73702, which we called a PUBLIC track security vulnerability. In this case, only os.Root.OpenFile is affected (not os.OpenFile), and while it improperly follows the symlink to create a file, that file will be located within the root. I think that we can consider this a non-vulnerability bug, since it doesn't provide a way to escape the root.
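An added example, not part of the thread or of the Go source tree: a probe for the behaviour described in the comment above. It opens a dangling symlink with O_CREATE|O_EXCL through both os.OpenFile and os.Root.OpenFile, then reports whether the call was refused with ErrExist and whether the symlink target was created anyway. It assumes Go 1.24 or later (for os.Root); the names `result`, `probe` and `check` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

type result struct{ Refused, Created bool } // names here are made up for this example

// probe plants the dangling symlink dir/link -> target, opens it through open
// (os.OpenFile or a Root's OpenFile) and checks for ErrExist and a stray target.
func probe(dir, name string, open func(string, int, os.FileMode) (*os.File, error)) (result, error) {
	if err := os.Symlink("target", filepath.Join(dir, "link")); err != nil {
		return result{}, err
	}
	f, err := open(name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err == nil {
		f.Close()
	}
	_, statErr := os.Lstat(filepath.Join(dir, "target"))
	return result{errors.Is(err, fs.ErrExist), statErr == nil}, nil
}

// check runs the probe in a fresh temp dir, inside an os.Root if inRoot is set.
func check(inRoot bool) (result, error) {
	dir, err := os.MkdirTemp("", "excl-probe-")
	if err != nil {
		return result{}, err
	}
	defer os.RemoveAll(dir)
	if !inRoot {
		return probe(dir, filepath.Join(dir, "link"), os.OpenFile)
	}
	root, err := os.OpenRoot(dir)
	if err != nil {
		return result{}, err
	}
	defer root.Close()
	return probe(dir, "link", root.OpenFile)
}

func main() {
	for _, inRoot := range []bool{false, true} {
		r, err := check(inRoot)
		fmt.Printf("inRoot=%v refused=%v created=%v err=%v\n", inRoot, r.Refused, r.Created, err)
	}
}
```

A platform with the bug reported in this issue would show `refused=false created=true` on the `inRoot=true` line.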
Comment From: gopherbot
Change https://go.dev/cl/677735 mentions this issue: os: do not follow dangling symlinks in Root when O_CREATE|O_EXCL on AIX
Comment From: ayappanec
I verified that the change https://go.dev/cl/677735 fixes this issue on AIX. Can the CL be merged, as the AIX builder is failing continuously?
Comment From: neild
Sorry for the delay, lost track of the CL.
Comment From: ayappanec
Thanks @neild