easy-to-use *at(2) syscall abstractions in Rust

fetchfern/sneak

sneak

High-level abstractions of *at and related *nix syscalls to build race condition-free, thread-safe, symlink traversal attack-safe user APIs.

Motivation

While building filesystem-abstracting APIs, you can easily run into race conditions: classic system calls, as exposed by Rust's filesystem library, often do not provide sufficient protections in multi-threaded or multi-process applications. In more complex applications, especially if they run as root, you risk exposing yourself to time-of-check to time-of-use (TOCTOU) race conditions, which can culminate in privilege escalation vulnerabilities. Up until recently, the Rust standard library's std::fs::remove_dir_all was vulnerable to this attack vector.

Unfortunately, avoiding these race conditions is not an easy task. You need to interact directly with specialized system calls, handle differences between operating systems, and write unsafe code. This library aims to provide a safe, easy-to-use yet ultra flexible API which doesn't hide away any implementation details.
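The race described above, as an added example that is not part of sneak or its README: a directory is validated, then swapped for a symlink, and a path-based open follows the swap while openat(2) on the already-open directory handle does not. It calls libc's openat directly through FFI rather than sneak's API; `read_at`, `demo` and the directory layout are constructed for illustration.

```rust
use std::ffi::CString;
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::raw::{c_char, c_int};
use std::os::unix::fs::symlink;
use std::os::unix::io::{AsRawFd, FromRawFd};
use std::path::Path;

unsafe extern "C" {
    // openat(2) from the platform libc, which std already links against.
    fn openat(dirfd: c_int, path: *const c_char, flags: c_int, ...) -> c_int;
}

/// Read `name`, resolved relative to an already-open directory handle.
fn read_at(dir: &File, name: &str) -> io::Result<String> {
    let c_name = CString::new(name).map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    // flags = 0 is O_RDONLY; production code would typically add O_NOFOLLOW and O_CLOEXEC.
    let fd = unsafe { openat(dir.as_raw_fd(), c_name.as_ptr(), 0) };
    if fd < 0 {
        return Err(io::Error::last_os_error());
    }
    let mut file = unsafe { File::from_raw_fd(fd) };
    let mut out = String::new();
    file.read_to_string(&mut out)?;
    Ok(out)
}

/// Constructed scenario (added example, hypothetical layout): returns what a
/// re-resolved path reads and what the held directory fd reads after the swap.
fn demo(root: &Path) -> io::Result<(String, String)> {
    let _ = fs::remove_dir_all(root);
    fs::create_dir_all(root.join("user_data"))?;
    fs::create_dir_all(root.join("private"))?;
    fs::write(root.join("user_data/data.txt"), "user data")?;
    fs::write(root.join("private/data.txt"), "secret")?;
    // Time of check: the application validates and opens the directory.
    let checked_dir = File::open(root.join("user_data"))?;
    // Between check and use, the directory is replaced by a symlink.
    fs::rename(root.join("user_data"), root.join("moved"))?;
    symlink(root.join("private"), root.join("user_data"))?;
    let by_path = fs::read_to_string(root.join("user_data/data.txt"))?;
    let by_fd = read_at(&checked_dir, "data.txt")?;
    Ok((by_path, by_fd))
}

fn main() -> io::Result<()> {
    let (by_path, by_fd) = demo(&std::env::temp_dir().join("toctou_demo"))?;
    println!("path-based open read {by_path:?}, openat on held fd read {by_fd:?}");
    Ok(())
}
```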

Getting started

See the documentation.

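use std::io::Write; // for write_all

use sneak::Dir;

// open the base directory once; later opens are resolved relative to it
let base_dir = Dir::open("/var/lib/myapp/")?;

// `queue` is the application's own receiver of work items, defined elsewhere
while let Some(item) = queue.recv() {
	let filepath = format!("./user_data/{}/data.txt", item.user_id);

	// open the file in a TOCTOU-safe way
	let mut file = base_dir.open_file(&filepath, libc::O_WRONLY)?;

	// write data
	file.write_all(&item.data)?;

	println!("wrote data to user {}'s folder!", item.user_id);
}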

License

This software is dual-licensed under the MIT license and the Apache-2.0 license.
