On 04/20/2012 12:15 AM, Stefan Tomanek wrote: > Dies schrieb Paul Eggert ([email protected]): >> Why just ENOENT? Can't similar race conditions also >> generate errno values like ELOOP, EACCESS, ENOTDIR? > > I have not encountered those yet.
They would be less likely in practice I expect, but clearly they're possible. >> More generally, why use find + tar? The combination >> seems inherently unsafe. An attacker with >> write access to the file system could cause the combination >> to archive the "wrong" file, for example. > > Because find has more possibilities to select a subset of files to save Which possibilities do you use in practice? Perhaps these can be added to 'tar'; that would avoid the security issues with the find+tar approach.
