Control: reassign -1 perl 5.40.1-2
Control: retitle -1 perl: thread creation while a directory handle is open does a fchdir, affecting other threads (race condition)
Control: tags -1 security upstream
Control: severity -1 grave
Control: forwarded -1 https://github.com/Perl/perl5/issues/23010

This is a bug visible in the perl code, so I've just reported the bug
upstream. (Not sure about the severity, but this can yield incorrect
file operations in the involved directory, which may be very problematic
if this directory is untrusted.)

On 2025-02-18 14:26:54 +0100, Vincent Lefevre wrote:
> Hmm... There's a fchdir in the strace output. If the current directory
> is global to the process, this could be an issue. I now really suspect
> a bug in perl.

Yes, thread creation does a chdir when a directory handle is open.
As the current working directory is global to the process, this can
affect other threads, if they do file operations with relative
pathnames. Even though the current working directory is set back to
the old value, this is a race condition, which can affect real scripts
(this is how I identified this bug).

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
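
The mechanism described in this report, as an added example that is not part of the original message and is not Perl's code: a Python model in which one thread does an fchdir and later restores it while another thread reads a relative path, next to a read pinned to a directory descriptor (`dir_fd`, i.e. openat(2)), which the cwd change does not affect. The directory names, the file name and the `demo` function are constructed for the illustration; a Unix-like system is assumed.

```python
import os, shutil, tempfile, threading

def demo():
    """Return (relative_read, dirfd_read, cwd_restored)."""
    base = os.path.realpath(tempfile.mkdtemp())  # constructed sample tree
    trusted, other = os.path.join(base, "trusted"), os.path.join(base, "other")
    for d in (trusted, other):
        os.mkdir(d)
        with open(os.path.join(d, "data.txt"), "w") as f:
            f.write(os.path.basename(d))  # each file names its own directory

    start_cwd = os.getcwd()
    os.chdir(trusted)
    trusted_fd = os.open(trusted, os.O_RDONLY | os.O_DIRECTORY)
    moved, release = threading.Event(), threading.Event()

    def cwd_changer():
        # Models the window described in the report: fchdir away, then back.
        saved = os.open(".", os.O_RDONLY | os.O_DIRECTORY)
        other_fd = os.open(other, os.O_RDONLY | os.O_DIRECTORY)
        os.fchdir(other_fd)
        moved.set()      # cwd is now "other" for every thread in the process
        release.wait()   # hold the window open so the result is deterministic
        os.fchdir(saved)
        os.close(saved)
        os.close(other_fd)

    t = threading.Thread(target=cwd_changer)
    t.start()
    moved.wait()
    with open("data.txt") as f:  # relative path: follows the process-wide cwd
        relative_read = f.read()
    fd = os.open("data.txt", os.O_RDONLY, dir_fd=trusted_fd)  # openat(2)
    with os.fdopen(fd) as f:     # resolved against the pinned descriptor
        dirfd_read = f.read()
    release.set()
    t.join()
    cwd_restored = os.getcwd() == trusted  # restored, but the read already happened

    os.chdir(start_cwd)
    os.close(trusted_fd)
    shutil.rmtree(base)
    return relative_read, dirfd_read, cwd_restored

if __name__ == "__main__":
    print(demo())
```

Code that must not be affected by another thread's cwd change can use absolute paths or descriptor-relative calls, as the second read does.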

