os: use minimal file permissions when opening parent directory in RemoveAll

On Windows, the process might not have read permission on the parent
directory, but still can delete files in it. This change allows
RemoveAll to open the parent directory with minimal permissions, which
is sufficient for deleting child files.

Fixes #74134.

Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-longtest,gotip-windows-arm64
Change-Id: I5d5c5977caaebf6e0f93fb2313b0ceb346f70e05
Reviewed-on: https://go-review.googlesource.com/c/go/+/684515
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>

diff --git a/src/os/removeall_at.go b/src/os/removeall_at.go
index a613aeeb9147d49d87961bc7c0fa4e36a0dc4754..5ddc1ade6134e5a26e9b52ed92dbb111f65fabd1 100644 (file)
--- a/src/os/removeall_at.go
+++ b/src/os/removeall_at.go
@@ -8,6 +8,7 @@ package os
 
 import (
        "io"
+       "runtime"
        "syscall"
 )
 
@@ -34,7 +35,15 @@ func removeAll(path string) error {
        // its parent directory
        parentDir, base := splitPath(path)
 
-       parent, err := Open(parentDir)
+       flag := O_RDONLY
+       if runtime.GOOS == "windows" {
+               // On Windows, the process might not have read permission on the parent directory,
+               // but still can delete files in it. See https://go.dev/issue/74134.
+               // We can open a file even if we don't have read permission by passing the
+               // O_WRONLY | O_RDWR flag, which is mapped to FILE_READ_ATTRIBUTES.
+               flag = O_WRONLY | O_RDWR
+       }
+       parent, err := OpenFile(parentDir, flag, 0)
        if IsNotExist(err) {
                // If parent does not exist, base cannot exist. Fail silently
                return nil