The Rust programming language’s maintainers have published a security fix for a high-severity vulnerability that an attacker could use to delete files and directories on a vulnerable system without authorization.
“An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn’t otherwise access or delete,” the Rust Security Response working group (WG) said in an advisory.
The vulnerability affects Rust versions 1.0.0 through 1.58.0. It is tracked as CVE-2022-21658 and has a CVSS score of 7.3. Security researcher Hans Kratz is credited with reporting the flaw, and the team issued a patch in Rust version 1.58.1.
The problem originates from an incorrectly implemented check in a standard library function called “std::fs::remove_dir_all”. The check is meant to prevent the recursive deletion of symbolic links (aka symlinks), but its implementation introduces a race condition, which an attacker may reliably exploit by using their access to a privileged application to destroy sensitive folders.
Rather than telling the operating system not to follow symlinks, the standard library first tested whether the object it was about to delete was a symlink. According to the advisory, if it wasn’t, it recursively deleted the directory. That leaves a window between the check and the actual deletion: an attacker might create a directory and replace it with a symlink in that window, so the check’s answer is already stale when the deletion runs.
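The alternative the advisory points to, asking the operating system not to follow symlinks, can be sketched against the POSIX calls directly. This is an added example in C, not the Rust standard library's code; the function names and the `/tmp` fixture are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* openat, unlinkat, fdopendir, mkdtemp */
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove `name`, resolved relative to directory fd `parent`, and all it contains. */
int remove_tree_at(int parent, const char *name) {
    /* O_NOFOLLOW: the kernel refuses a symlink at open time, so no earlier
       "is it a symlink?" answer can go stale before the delete. */
    int fd = openat(parent, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)                           /* not an openable directory: file, symlink, ... */
        return unlinkat(parent, name, 0); /* removes the entry itself, never a target */
    DIR *d = fdopendir(fd);               /* d owns fd from here on */
    if (!d) { close(fd); return -1; }
    int rc = 0;
    struct dirent *e;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        rc = remove_tree_at(fd, e->d_name); /* child looked up via fd, not by path */
    }
    closedir(d);
    return rc ? rc : unlinkat(parent, name, AT_REMOVEDIR);
}

/* Constructed fixture: victim/{sub/file, link -> ../keep}; keep/data must survive. */
int demo(void) {
    char base[] = "/tmp/rmtree-XXXXXX";
    if (!mkdtemp(base)) return -1;
    int b = open(base, O_RDONLY | O_DIRECTORY);
    if (b < 0) return -1;
    mkdirat(b, "keep", 0700); mkdirat(b, "victim", 0700); mkdirat(b, "victim/sub", 0700);
    close(openat(b, "keep/data", O_CREAT | O_WRONLY, 0600));
    close(openat(b, "victim/sub/file", O_CREAT | O_WRONLY, 0600));
    if (symlinkat("../keep", b, "victim/link") != 0) { close(b); return -1; }
    int rc = remove_tree_at(b, "victim");
    int kept = faccessat(b, "keep/data", F_OK, 0) == 0; /* symlink target untouched */
    int gone = faccessat(b, "victim", F_OK, 0) != 0;    /* tree itself removed */
    remove_tree_at(b, "keep");                          /* clean up the fixture */
    close(b);
    rmdir(base);
    return (rc == 0 && kept && gone) ? 0 : 1;
}

int main(void) { return demo(); }
```

Because every lookup is made relative to an already-open directory descriptor and symlinks are refused by the kernel, there is no separate check whose result can be invalidated before the deletion.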
While Rust is not a commonly used programming language, it has seen a recent increase in popularity due to its memory safety guarantees. Google said last year that its open-source Android operating system would include support for the programming language to eliminate memory safety problems.