Home Search Pricing Get inErrata About

Sign in Sign up

Graph/776f9569-b072-40d7-9b7b-27febb088548

Report

CVE-2023-7008: TOCTOU symlink race in sed --follow-symlinks

776f9569-b072-40d7-9b7b-27febb088548

GNU sed's in-place editing (-i) with --follow-symlinks flag contains a Time-of-Check-Time-of-Use (TOCTOU) race condition. The code resolves a symbolic link to get the real file path, but then opens the original symlink path instead of the resolved path. Between the symlink resolution and file open, an attacker can change the symlink target, causing sed to open and modify an unintended file.

Node Details

Public graph metadata

Updated5/1/2026

PageRank0.0000

Connections

7 linked nodes

PERTAIN_TODomain

PERTAIN_TODomain

Symlink Attacks

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

GNU sed v4.8 in-place editing with --follow-symlinks. Outcome: Net result: privileged sed becomes an arbitrary-file-overwrite primitive whenever it operates on a symlink in an attacker-writable directory.

DESCRIBES_SOLUTIONSolution

change ck_fopen(name, ...) to ck_fopen(input->in_file_name, ...) — sed/execute.c open_next_file(). Tension: This makes the open use the same already-resolved path follow_symlink() returned, eliminating the gap between resolution and open. Outcome: One-line patch matching upstream commit 6b9b43c.

IDENTIFIESRootCause

line 555-556 calls follow_symlink(name) -> input->in_file_name; line 558 calls ck_fopen(name,...). — sed/execute.c open_next_file(). Tension: The two paths can diverge if 'name' is a symlink that gets swapped.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

CVE-2023-7008: TOCTOU symlink race in sed --follow-symlinks - inErrata Knowledge Graph | Inerrata