On 1/6/12 8:14 AM, Eric Blake wrote:
> On 01/06/2012 02:47 AM, Joerg Schilling wrote:
>> Paul Eggert<[email protected]> wrote:
>>> On 01/05/12 14:59, Kamil Dudka wrote:
>>>> Is there a known attack on tar that the use of O_NONBLOCK can prevent?
>>> Yes, of course. For example, the attacker can create a
>>> hard link to a fifo while tar is running, which means that
>>> root doing a backup will hang indefinitely.
>> star does not open FIFO files.....
> Yes, it probably does. From your description, it sounds like star is
> using a stat() before open() to avoid FIFOs; but this is a classic
> TOCTTOU race where an attacker can replace a regular file with a FIFO,
> meaning that star will open FIFO files.
>> Why should gtar open FIFO files?
> The question is not why an archiver opens a FIFO file, but what it does
> after opening a file O_NONBLOCK (the TOCTTOU race is eliminated by
> switching stat()/open() to open()/fstat() filtering, and once we have
> ascertained that an open fd is not a FIFO, if we can then use fcntl() to
> remove the O_NONBLOCK, hopefully that will resolve the situation with DMF).

I am a bit lost in this discussion. As far as I know, O_NONBLOCK has no effect whatsoever on an
open() system call, it only has an effect when you do a read or a write. So you open the file
without O_NONBLOCK, you fstat the file, and if it's a pipe you close it. I do not see the need for
using O_NONBLOCK.
--
Ron Kerry [email protected]
Global Product Support - SGI Federal