os: RemoveAll susceptible to symlink race [1.21 backport]

Question

gopherbot opened this issue a year ago · 2 comments

@rolandshoemaker requested issue #52745 to be considered for backport to the next 1.21 minor release.

@gopherbot please open backport issues for this, it's a security hardening issue which fixes a long running TOCTOU race.

Answer 1 · 2024-05-29T16:28:31.000Z

Change https://go.dev/cl/589057 mentions this issue: [release-branch.go1.21] os: RemoveAll: fix symlink race for unix

Answer 2 · 2024-05-30T00:13:18.000Z

Closed by merging 9488a44 to release-branch.go1.21.