os: RemoveAll susceptible to symlink race [1.22 backport]

Question

gopherbot opened this issue a year ago · 2 comments

@rolandshoemaker requested issue #52745 to be considered for backport to the next 1.22 minor release.

@gopherbot please open backport issues for this, it's a security hardening issue which fixes a long running TOCTOU race.

Answer 1 · 2024-05-29T16:25:56.000Z

Change https://go.dev/cl/589056 mentions this issue: [release-branch.go1.22] os: RemoveAll: fix symlink race for unix

Answer 2 · 2024-05-30T01:15:41.000Z

Closed by merging 7456575 to release-branch.go1.22.