All Posts
Analyzers
Rust
Security

Rust stdlib vulnerability in fs::remove_dir_all

A
Akshay
Sanket
January 20, 2022

Rust stdlib vulnerability in fs::remove_dir_all

Earlier today, the Rust Security Response WG published a security advisory related to the fs::remove_dir_all standard library function. The team was notified that this function is vulnerable to a Race Condition Enabling Link Following (CWE-363).

Understanding the std::fs::remove_dir_all vulnerability

The remove_dir_all function takes a path as its parameter and removes a directory at this path, after removing all its contents recursively. You would use the function like this, for instance:

 
use std::fs;fn 
main() -> std::io::Result<()> {
	fs::remove_dir_all("/home/to-delete")?; 
  Ok(())}

According to the official documentation, the function does not follow symbolic links, and it simply removes the symbolic link if it sees one. However, as the security advisory found, this behavior was implemented incorrectly. From the official Rust blog post:

[...] that check was implemented incorrectly in the standard library, resulting in a TOCTOU (Time-of-check Time-of-use) race condition. Instead of telling the system not to follow symlinks, the standard library first checked whether the thing it was about to delete was a symlink, and otherwise, it would proceed to recursively delete the directory. This exposed a race condition: an attacker could create a directory and replace it with a symlink between the check and the actual deletion. While this attack likely won't work the first time it's attempted, in our experimentation we were able to reliably perform it within a couple of seconds.

Rust versions 1.0.0 through 1.58.0 are affected by this vulnerability. The Rust team will release Rust 1.58.1 later today, which will include mitigations for it. The Rust team has recommended that all users update to Rust 1.58.1 at the earliest to ensure this vulnerability is fixed.

What DeepSource is doing about it

We’ve added a new issue in our Rust Analyzer to detect this vulnerability — RS-S1002. If you’re on a vulnerable version of Rust, DeepSource will show you where you’re using this method in your code. For all new changes proposed through pull requests, DeepSource will alert you if a change makes your code vulnerable.

If you’re a DeepSource user and have the Rust Analyzer activated on your project, we’ve already re-triggered analysis on your project. Open the Issues tab of your repository on DeepSource, and check the Security category to see if it was detected in your code.

If you have any questions or need help, feel free to open a topic in DeepSource Discuss forum.

More from DeepSource

Support for Bitbucket Data Center
Support for Bitbucket Data Center
Bitbucket Server has come to end-of-life. We’re here to help with your transition to Data Center or Cloud.
Announcements
Product
From Zero To Secure
From Zero To Secure
A guide to risk-free SAST implementation for AppSec teams.
Code Security
SAST

Get started with DeepSource

DeepSource is free forever for small teams and open-source projects. Start analyzing your code in less than 2 minutes.

CHOOSE AN ACCOUNT
GitHub
GitLab
Bitbucket

Newsletter

Read product updates, company announcements, how we build DeepSource, what we think about good code, and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
platform
resources
company
support
PLATFORM
Platform Overview Pricing
Static Analysis
SAST
Autofix™️
IaC Analysis
Reports
Code Coverage
Self-hosting
IDE
RoadmapChangelog
resources
BlogGlossaryGood Code PodcastGood First IssueSpotlight
State of Code Health
State of Go
OWASP® Top 10 Whitepaper
company
AboutSecurityTrust Reports
Jobs
Press EnquiriesBrand AssetsTermsPrivacy
support
DocumentationSystem StatusContact SalesCommunity Forum
© 2023 DeepSource Corp. All rights reserved.