# sneak [![docs.rs][docs-badge]][docs-url] [![crates.io][crates-badge]][crates-url] [crates-badge]: https://img.shields.io/crates/v/sneak [crates-url]: https://crates.io/crates/sneak [docs-badge]: https://img.shields.io/docsrs/sneak [docs-url]: https://docs.rs/sneak/latest/sneak High-level abstractions of `*at` and related *nix syscalls to build race condition-free, thread-safe, symlink traversal attack-safe user APIs. ### Motivation While building filesystem-abstracting APIs, you can easily run into race conditions: classic system calls, as exposed by Rust's filesystem library, often [do not provide sufficient protections in multi-threaded or multi-process applications](https://book.jorianwoltjer.com/binary-exploitation/race-conditions). In more complex applications, especially if they run as root, you risk exposing yourself to time-of-check time-of-use (TOCTOU) race conditions, which can culminate to privilege escalation vulnerabilities. Up until recently, the Rust standard library's `std::fs::remove_dir_all` was [sensitive to this attack vector](https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2). Unfortunately, avoiding these race conditions is not an easy task. You need to directly interact with specialized system calls, handle different operating systems and `unsafe` code. This library aims to provide a safe, easy to use yet ultra flexible API which doesn't hide away any implementation details. ### Getting started See the [documentation](https://docs.rs/sneak/latest/sneak). ```rust use sneak::Dir; let base_dir = Dir::open("/var/lib/myapp/")?; while let Some(item) = queue.recv() { let filepath = format!("./user_data/{}/data.txt", item.user_id); // open the file in a TOCTOU-safe way let mut file = base_dir.open_file(&filepath, libc::O_WRONLY)?; // write data file.write_all(&item.data)?; println!("wrote data to user {}'s folder!", item.user_id); } ``` ### License This software is dual-licensed under the [MIT license](LICENSE-MIT) and the [Apache-2.0 license](LICENSE-APACHE).