From 3c2e943e18ab1a8ce8b2f04dc12373d164ee94b3 Mon Sep 17 00:00:00 2001
From: Tarasov Aleksandr <55220741+arabianq@users.noreply.github.com>
Date: Sun, 8 Mar 2026 02:13:19 +0300
Subject: [PATCH] fix(security): eliminate TOCTOU vulnerability during socket removal (#36)

Directly attempt to remove the daemon socket file and handle NotFound errors instead of checking for its existence first. This prevents a potential race condition where the file could be replaced between the check and the removal.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
---
 src/bin/daemon.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/bin/daemon.rs b/src/bin/daemon.rs
index ba7ee9b..e546f2e 100644
--- a/src/bin/daemon.rs
+++ b/src/bin/daemon.rs
@@ -47,8 +47,10 @@ async fn main() -> Result<(), Box> {
 lock_file.lock()?;
 let socket_path = runtime_dir.join("daemon.sock");
- if fs::metadata(&socket_path).is_ok() {
- fs::remove_file(&socket_path)?;
+ if let Err(e) = fs::remove_file(&socket_path) {
+ if e.kind() != std::io::ErrorKind::NotFound {
+ return Err(e.into());
+ }
 }
 let listener = UnixListener::bind(&socket_path)?;
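Review bot: The unconditional `fs::remove_file(&socket_path)` followed by `UnixListener::bind(&socket_path)` still relies on two preconditions that the hunk neither shows nor documents. First, `lock_file.lock()?` above must really exclude a second daemon instance, otherwise this unlinks a live daemon's socket. Second, `runtime_dir` must be writable only by the daemon's user, otherwise another local user can recreate `daemon.sock` between the removal and the bind and make the bind fail. I would record this above the removal, e.g. `// Safe to unlink unconditionally: we hold the instance lock, and runtime_dir must be owned by us with mode 0700.`, and check that ownership and mode are verified where `runtime_dir` is created. `main` starts and ends outside this hunk, so the lock and directory setup are assumed from context; as a style point, the nested `if` would read more directly as a `match` with an `Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}` arm.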