On 01/06/2012 02:47 AM, Joerg Schilling wrote:
> Paul Eggert <[email protected]> wrote:
>
>> On 01/05/12 14:59, Kamil Dudka wrote:
>>> Is there a known attack on tar that the use of O_NONBLOCK can prevent?
>>
>> Yes, of course.  For example, the attacker can create a
>> hard link to a fifo while tar is running, which means that
>> root doing a backup will hang indefinitely.
>
> star does not open FIFO files.....

Yes, it probably does.  From your description, it sounds like star is
using a stat() before open() to avoid FIFOs; but this is a classic
TOCTTOU race where an attacker can replace a regular file with a FIFO,
meaning that star will open FIFO files.

>
> Why should gtar open FIFO files?

The question is not why an archiver opens a FIFO file, but what it does
after opening a file O_NONBLOCK (the TOCTTOU race is eliminated by
switching stat()/open() to open()/fstat() filtering, and once we have
ascertained that an open fd is not a FIFO, if we can then use fcntl() to
remove the O_NONBLOCK, hopefully that will resolve the situation with DMF).

-- 
Eric Blake   [email protected]    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
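
The open()/fstat()/fcntl() sequence described in the message above, as an added C example that is not part of the original post and is not code from tar or star. The names `open_not_fifo` and `demo` are hypothetical, and the regular file and FIFO used by `demo` are constructed in a temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a blocking read fd, or -1 if path is a FIFO. */
int open_not_fifo(const char *path)
{
    /* O_NONBLOCK: open() on a FIFO with no writer returns instead of hanging. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() describes the object already opened, so replacing the
     * path afterwards cannot change the answer (no stat()/open() race). */
    struct stat st;
    if (fstat(fd, &st) != 0 || S_ISFIFO(st.st_mode)) {
        close(fd);
        return -1;
    }
    /* Known not to be a FIFO: clear O_NONBLOCK for the reads that follow. */
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl & ~O_NONBLOCK) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: a regular file and a FIFO in a temp directory.
 * Returns 0 if the regular file opens blocking and the FIFO is refused. */
int demo(void)
{
    char dir[] = "/tmp/fifochkXXXXXX", reg[64], fifo[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(reg, sizeof reg, "%s/reg", dir);
    snprintf(fifo, sizeof fifo, "%s/fifo", dir);
    int c = creat(reg, 0600);
    int made = c >= 0 && close(c) == 0 && mkfifo(fifo, 0600) == 0;
    int fd = made ? open_not_fifo(reg) : -1;
    int ok = fd >= 0 && !(fcntl(fd, F_GETFL) & O_NONBLOCK)
             && open_not_fifo(fifo) == -1;
    if (fd >= 0) close(fd);
    unlink(reg); unlink(fifo); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```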
