The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner.
"An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG) said in an advisory published on January 20, 2021.
![Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPJqG-_vBdld4mKDQV0jycRh5ED5SLMe5CL08ldq3UMFq3DV9n5S2fO3ebJV0_EvNXJg56IBsf7U3bc_NqbcH2exzd3gz33MP0IOdCULyAKCmNYR6bkxkGGwfC7r1r4Czo4H3hCQjMqyKvKnyD_pBwKhtRSmGAsxN1Yhf3_hkGWqJSCpmANMbmvXryhMUa/s728-e300/intel-d.png)
Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as CVE-2022-21658 (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in Rust version 1.58.1 shipped last week.
Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka symlinks) in a standard library function named "std::fs::remove_dir_all." This results in a race condition, which, in turn, could be reliably exploited by an adversary by abusing their access to a privileged program to delete sensitive directories.
"Instead of telling the system not to follow symlinks, the standard library first checked whether the thing it was about to delete was a symlink, and otherwise it would proceed to recursively delete the directory," the advisory said. "This exposed a race condition: an attacker could create a directory and replace it with a symlink between the check and the actual deletion."
Rust, while not a widely-used programming language, has witnessed a surge in adoption in recent years for its memory-related safety guarantees. Last year, Google announced that its open-source version of the Android operating system will add support for the programming language to prevent memory safety bugs.