Go Root.Chmod Symlink Traversal Vulnerability on Linux

A vulnerability exists in the Go programming language's handling of the Root.Chmod function on Linux. If the target of a chmod operation is replaced with a symlink while the operation is ongoing, Chmod can inadvertently modify the target of the symlink, potentially affecting files outside the intended directory. This issue arises because the fchmodat system call, used by Chmod, ignores the AT_SYMLINK_NOFOLLOW flag, which is meant to prevent such symlink traversal. Although Chmod checks its target before execution and will return an error if the target is a symlink leading outside the root directory, the vulnerability can still be exploited if the target is changed to a symlink between the initial check and the execution of the command.

Impact

Exploitation of this vulnerability allows Chmod to follow symlinks out of the root directory, potentially leading to unauthorized modifications of files or directories.

Reproduction

To reproduce this vulnerability, initiate a Root.Chmod operation on a target file or directory. While the operation is in progress, replace the target with a symlink that points to a location outside the root directory. Once the symlink is in place, Chmod will complete the operation by following the symlink, disregarding the intended root directory constraints.

Remediation

Users can upgrade to Go versions 1.26.2 or 1.25.9, both of which include the necessary fix. Instructions for downloading these versions are available on the Go website.