Re: [Bug-tar] add --ignore-missing to ignore missing input files

[Nathan Stratton Treadway]

On Thu, Apr 19, 2012 at 16:27:42 -0700, Paul Eggert wrote:
> On 04/19/2012 08:05 AM, Stefan Tomanek wrote:
> > +  if (ignore_failed_read_option || (errno == ENOENT && 
> > ignore_missing_option))
> 
> Why just ENOENT?  Can't similar race conditions also
> generate errno values like ELOOP, EACCESS, ENOTDIR?
> 
> More generally, why use find + tar?  The combination
> seems inherently unsafe.  An attacker with
> write access to the file system could cause the combination
> to archive the "wrong" file, for example.

A few thoughts from the point of view of a "casual observer" after
reading through this thread:

  * Using "find" is an easy way to generate lots of files to be
    processed and thus increase the chances that some will be deleted
    while tar is running... but it seems like it could just as easily
    happen using shell wildcards directly on the tar command line. (That
    is, the wildcard could expanded to a number of files and some of them
    might disappear while tar was processing the earlier files in the
    argument list.)

    So the issue isn't really specific to "find", but applies to any
    case where you build a list of files-to-process at the start of the
    tar invocation but some of those files might go away during that tar
    run.

  * I think Stefan's point is that in this case he _expects_ ENOENT to
    happen sometimes, but he doesn't expect those other conditions to
    occur.  If he wants to ignore all read errors he can already used
    --ignore-failed-read, but it seems that what he's looking for now is
    a way to actually be more selective regarding which conditions are
    converted from "error" to "warning".

  * As far as I can tell looking through tar's WARN/ERROR macros,
    Stefan's patch doesn't actually change what files do or don't get
    backed up, or even whether a warning message is printed about the
    missing files, but only what the tar processes's exit status is set
    to when the run is finished.
    
  
Off-hand, I can imagine situations where I might make use of this
functionality myself, and from what I can see --ignore-missing would 
be a "safer" choice than --ignore-failed-read in those situations....  

(I could perhaps see an argument that tar is starting to get too many
--ignore-* options, but I don't know if it makes sense to switch to an
"--ignore=KEYWORD" style option at this point....)

                                                Nathan
  
----------------------------------------------------------------------------
Nathan Stratton Treadway  -  address@hidden  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239