uutils coreutils touch Utility TOCTOU Race Condition Vulnerability Leading to Data Loss

Vulnerability

A TOCTOU (Time-of-Check to Time-of-Use) race condition vulnerability has been identified in the touch utility of uutils coreutils. The issue arises during file creation: the utility first checks whether the path exists and, if the path is missing, creates the file using File::create(), which includes the O_TRUNC option. An attacker can exploit the window between the check and the create to create a file or replace a symlink at the target location, causing touch to truncate an existing file, which results in permanent data loss. This vulnerability is particularly concerning when touch is executed in directories writable by the attacker or on paths controlled by the attacker, especially with elevated privileges.

Impact

Exploitation of this vulnerability leads to unintended truncation of files, causing permanent data loss. This is particularly problematic when the touch utility is run in directories or on paths that are writable or controlled by the attacker, especially with elevated privileges.

Reproduction

The vulnerability can be reproduced by running the touch utility in an attacker-writable directory or on an attacker-controlled path. The touch command will first check if the file exists. If it does not, it will open the file with the O_CREAT and O_TRUNC options. If another process creates the file or swaps it with a symlink to an existing file between the existence check and the file creation, the touch utility will truncate the file, leading to data loss.
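The check-then-create pattern described above, next to a single open that omits O_TRUNC, as an added example (not code from uutils coreutils, and not necessarily the project's fix). The function names and the `between` hook, which stands in for a concurrent process acting inside the window, are hypothetical; the file content is constructed sample data.

```rust
use std::fs::{self, File, OpenOptions};
use std::io;
use std::path::Path;

// Pattern from the advisory: existence check, then File::create (O_CREAT | O_TRUNC).
// `between` is a hypothetical hook that runs inside the check-to-use window.
fn touch_racy(path: &Path, between: impl FnOnce()) -> io::Result<()> {
    if !path.exists() {
        between();
        File::create(path)?; // truncates whatever now exists at `path`
    }
    Ok(())
}

// Hardened form: one open with O_CREAT and no O_TRUNC, no separate check.
// Content that appears at the path at any point is left intact.
fn touch_no_trunc(path: &Path, between: impl FnOnce()) -> io::Result<()> {
    between();
    OpenOptions::new().write(true).create(true).truncate(false).open(path)?;
    Ok(())
}

// Runs one scenario in a scratch directory; returns the bytes left in the file.
fn surviving_bytes(racy: bool) -> io::Result<usize> {
    let dir = std::env::temp_dir().join(format!("touch-toctou-{}-{}", std::process::id(), racy));
    fs::create_dir_all(&dir)?;
    let target = dir.join("target");
    let _ = fs::remove_file(&target);
    let t = target.clone();
    // Constructed stand-in for a file that shows up after the existence check.
    let concurrent_writer = move || fs::write(&t, b"important data").unwrap();
    if racy {
        touch_racy(&target, concurrent_writer)?;
    } else {
        touch_no_trunc(&target, concurrent_writer)?;
    }
    let len = fs::read(&target)?.len();
    fs::remove_dir_all(&dir)?;
    Ok(len)
}

fn main() -> io::Result<()> {
    println!("check-then-create: {} bytes left", surviving_bytes(true)?);
    println!("open without O_TRUNC: {} bytes left", surviving_bytes(false)?);
    Ok(())
}
```

Dropping O_TRUNC removes the data loss; the open still follows a symlink placed at the path, so the link target's timestamps can still be updated.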

Remediation

Users are advised to avoid using the touch utility in directories or on paths where they do not have control, especially when running with elevated privileges.

Added: Apr 22, 2026, 6:00 PM
Updated: Apr 22, 2026, 6:00 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.0
remediation: 0.0
relevance: 6.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.