如果遇到一种需求,需要判断文件大小,如果太大就删除,
常见做法是
open file 或者stat file
读取size
if 超过阈值
unlink file
但是看到一个资料说这个存在TOCTOU风险,怎么改写才安全?
Opening a UNIX file and unlinking it later creates a race condition.
By replacing the named open file with another file or symbolic link, an attacker can cause unlink() to be applied to the wrong file.
This problem can be avoided with proper permissions on the file’s containing directories.
--
FROM 218.66.91.*