Bugtraq mailing list archives
race condition in .net core System.IO.Directory.Delete allowing deletion of entire drives
From: Joshua Hudson <joshudson () gmail com>
Date: Mon, 17 Sep 2018 18:30:22 -0700
Here's a link to the original reporting of this class of bug: https://seclists.org/bugtraq/2000/May/67

In looking for how to deal with this problem on Windows, I discovered that .net core has essentially the same security bug. That file system node might have been a directory when FindNextFile returned it, but it's a symlink to c:\users now. Goodbye half your data (on average) before hitting a locked file.

https://github.com/dotnet/corefx/issues/32082

Microsoft does not want to believe this is a security bug. I do not know what to do.
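The class of bug described in the message above, shown from the defensive side as an added example (not code from the post or from .NET): a recursive delete on POSIX that opens each directory relative to its parent's descriptor with `O_NOFOLLOW`, so an entry that was a directory when enumerated but is a symlink when opened is unlinked instead of traversed. The names `safe_rmtree`, `before_descend` and `demo` are hypothetical, and the hook only stands in for the racing process.

```python
import errno
import os
import stat
import tempfile

def safe_rmtree(name, parent_fd=None, before_descend=None):
    """Recursively delete `name` (relative to parent_fd) without following symlinks."""
    # O_DIRECTORY | O_NOFOLLOW: the open fails if `name` is a symlink at open
    # time, whatever it was when the parent directory was enumerated.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(name, flags, dir_fd=parent_fd)
    try:
        for entry in os.listdir(fd):
            is_dir = stat.S_ISDIR(os.lstat(entry, dir_fd=fd).st_mode)
            if is_dir:
                if before_descend:
                    before_descend(fd, entry)  # demo hook: simulates the race window
                try:
                    safe_rmtree(entry, fd, before_descend)
                    continue
                except OSError as e:
                    # ELOOP/ENOTDIR/EMLINK: entry is no longer a real directory.
                    if e.errno not in (errno.ELOOP, errno.ENOTDIR, errno.EMLINK):
                        raise
            # Files, symlinks and swapped entries: remove the name itself only.
            os.unlink(entry, dir_fd=fd)
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=parent_fd)

def demo():
    """Constructed scenario: 'sub' is swapped for a symlink to 'victim' mid-delete."""
    root = tempfile.mkdtemp()
    victim = os.path.join(root, "victim")
    os.mkdir(victim)
    keep = os.path.join(victim, "keep.txt")
    open(keep, "w").close()
    target = os.path.join(root, "target")
    os.makedirs(os.path.join(target, "sub"))

    def swap(dir_fd, entry):
        os.rmdir(entry, dir_fd=dir_fd)
        os.symlink(victim, entry, dir_fd=dir_fd)

    safe_rmtree(target, before_descend=swap)
    return os.path.exists(keep), os.path.exists(target)

if __name__ == "__main__":
    print(demo())
```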