-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
worker: file creation races with process.umask() #32321
Comments
Fwiw, this seems problematic even without worker threads, because it also affects fs operations running on the libuv thread pool? |
Yes, that's right. I could swear there was a warning about that in the documentation at one point (at least about changing the umask) but not anymore. IMO,
|
I'm reopening this. It's deprecated now but the goal is to remove it entirely. |
Fwiw, at least:
use this function without arguments (I didn’t even try to find anything systematically). I think part of that usage is unnecessary, but we should probably make sure that ecosystem breakage is minimal before #32499 is released, and take a lot of time before removing this entirely. |
I filed issues with those projects. |
Hmm... this is a little bit tricky in the case of node-tar. I think there's a workaround, but wanted to float this here just to see what y'all think. Tar archive entries can contain a mode field. If a file entry has a mode of So, we check the umask at the start of the unpack process to know whether a chmod will be necessary, to avoid an extra stat call during the unpack process. Of course, this is not 100% bulletproof, since the umask can change along the way, but archive unpacking is never going to be safely atomic anyway. If Whichever version of Node loses |
Legacy fix for #22 Re nodejs/node#32321
Created issues for the npm deps relying on I strongly recommend holding off on this until the linked issues above are resolved. |
I pinned this issue to keep track of modules that use A first step would be to create a list of known commonly used modules with CITGM and Gzemnid. |
#6) ref nodejs/node#32321 Co-authored-by: Blaine Bublitz <[email protected]>
It's deprecated in the latest Node.js due to being insecure and it's not necessary to use it in the first place because the umask is automatically applied when creating the directory. Refs: nodejs/node#32321 Refs: isaacs/node-mkdirp#22
Concurrency Sanitizer may spot race conditions. |
@AhmedMostafa16 Not this kind of race condition. |
This commit introduces a documentation deprecation for calling process.umask() with no arguments. PR-URL: nodejs#32499 Fixes: nodejs#32321 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>
This commit introduces a documentation deprecation for calling process.umask() with no arguments. Backport-PR-URL: #34591 PR-URL: #32499 Fixes: #32321 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>
I’m working on a programmatic version of the When a symbolic mode argument without scope is provided, the function should apply a umask to the requested value. For example we have the
Without umask reading the implementation will be incomplete and may lead to unexpected results to anyone who expects it’s completely aligned with the Deprecating Another point is |
I agree with @miyaokamarina, having a way to get the current umask is useful, especially when wanting to provide APIs for setting the umask via symbolic notation. Aliasing |
ref nodejs/node#32321 Co-authored-by: Blaine Bublitz <[email protected]>
This code is unsafe when worker threads are active:
node/src/node_process_methods.cc
Lines 248 to 249 in 40b559a
The
umask(0)
call temporarily changes the process-wide umask and races with fs operations from other threads.Test case:
Fails within a few iterations with
unexpected mode: 666
process.umask()
(no arg) is allowed in workers so this test case works both ways.This bug is potentially a security issue.
The text was updated successfully, but these errors were encountered: