writeFile is a TOCTOU-safe equivalent of [os.WriteFile]. See [readFile] for the contract. The call is rejected by the kernel when any component of rel is an out-of-root symlink, so an attacker cannot win the swap race between the [resolveAndCheckPath] check and the write.
(resolved string, data []byte, perm os.FileMode)
```go
// of rel is an out-of-root symlink, so an attacker cannot win the swap
// race between the [resolveAndCheckPath] check and the write.
func (t *ToolSet) writeFile(resolved string, data []byte, perm os.FileMode) error {
	root, rel, err := t.rootedAccess(resolved)
	if err != nil {
		return err
	}
	if root != nil {
		return root.WriteFile(rel, data, perm)
	}
	return os.WriteFile(resolved, data, perm)
}

// stat is a TOCTOU-safe equivalent of [os.Stat]. See [readFile] for the
// contract.
```
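The difference between the two branches of writeFile, shown as an added example that is not part of the project's code. It assumes the root returned by rootedAccess is an `*os.Root` (Go 1.24 or later) and uses `Root.OpenFile` for the rooted write; the directory and file names are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// demo builds a constructed layout in which sandbox/link is a symlink to
// ../outside (the state left behind by a swap after a path check), then
// writes through it two ways. It returns whether the path-based write
// escaped the sandbox, the error from the rooted write, and any setup error.
func demo() (bool, error, error) {
	base, err := os.MkdirTemp("", "rooted-demo")
	if err != nil {
		return false, nil, err
	}
	defer os.RemoveAll(base)
	sandbox, outside := filepath.Join(base, "sandbox"), filepath.Join(base, "outside")
	if err = os.Mkdir(sandbox, 0o755); err == nil {
		err = os.Mkdir(outside, 0o755)
	}
	if err == nil {
		err = os.Symlink("../outside", filepath.Join(sandbox, "link"))
	}
	if err != nil {
		return false, nil, err
	}
	// Path-based write: the symlink is followed and the data lands outside.
	if err = os.WriteFile(filepath.Join(sandbox, "link", "a.txt"), []byte("x"), 0o600); err != nil {
		return false, nil, err
	}
	_, statErr := os.Stat(filepath.Join(outside, "a.txt"))
	// Rooted write: the lookup is confined to sandbox, so the open fails.
	root, err := os.OpenRoot(sandbox)
	if err != nil {
		return false, nil, err
	}
	defer root.Close()
	f, rootedErr := root.OpenFile("link/b.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if rootedErr == nil {
		f.Close()
	}
	return statErr == nil, rootedErr, nil
}

func main() { fmt.Println(demo()) }
```

The rooted call fails no matter when the symlink appeared, which is why the earlier [resolveAndCheckPath] result does not have to stay valid up to the write.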