[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-tar] closed stderr can make tar corrupt its output archive
From: |
Jim Meyering |
Subject: |
[Bug-tar] closed stderr can make tar corrupt its output archive |
Date: |
Sat, 27 Aug 2005 22:09:18 +0200 |
If tar is run in the following manner:
- in --create mode, with a named target (i.e., not stdout),
- with stderr closed, and
- in a way that provokes tar to write a diagnostic,
then tar corrupts the named output archive by writing the diagnostic it.
Here's a demo:
$ rm -rf a; mkdir -p a/b; chmod 0 a/b; tar cf x.tar a 2>&-; \
head -c39 x.tar|grep tar: ; chmod -R 700 a; rm -rf a
tar: a: Cannot open: Permission denied
That shows that the first line of the created archive, x.tar,
is tar's own diagnostic.
Here's one way to fix it, but it's probably not complete, since the
part that pulls in the gnulib fcntl-safer module is in tar proper,
while the change to rmt.h (where fcntl--.h is actually used) is
in a separate module: paxutils. The dependency on the fcntl-safer
module needs to be associated with the file (e.g. rmt.h), not with
some random module.
Also, while this patch does seem to fix the problem I'm reporting,
I have not done a full audit. There are other uses of functions
like open, dup, pipe, etc., that require additional protection.
For example, there is a use of pipe(2) (you can guard it with
`#include "unistd--.h"' and use the unistd-safer module).
tar/ChangeLog:
2005-08-27 Jim Meyering <address@hidden>
* gnulib.modules: Add fcntl-safer.
paxutils/ChangeLog:
2005-08-27 Jim Meyering <address@hidden>
* lib/rmt.h: Include gnulib's "fcntl--.h" to protect uses of
open and creat against initially-closed file descriptors.
Index: gnulib.modules
===================================================================
RCS file: /cvsroot/tar/tar/gnulib.modules,v
retrieving revision 1.3
diff -u -p -r1.3 gnulib.modules
--- gnulib.modules 22 Jun 2005 06:24:39 -0000 1.3
+++ gnulib.modules 27 Aug 2005 19:28:19 -0000
@@ -8,6 +8,7 @@ backupfile
dirname
error
exclude
+fcntl-safer
fileblocks
fnmatch-gnu
ftruncate
Index: rmt.h
===================================================================
RCS file: /cvsroot/paxutils/paxutils/lib/rmt.h,v
retrieving revision 1.2
diff -u -p -r1.2 rmt.h
--- rmt.h 15 May 2005 06:34:49 -0000 1.2
+++ rmt.h 27 Aug 2005 19:25:19 -0000
@@ -1,6 +1,6 @@
/* Definitions for communicating with a remote tape drive.
- Copyright (C) 1988, 1992, 1996, 1997, 2001, 2003, 2004 Free
+ Copyright (C) 1988, 1992, 1996, 1997, 2001, 2003, 2004, 2005 Free
Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
@@ -19,6 +19,8 @@
extern char *rmt_command;
extern char *rmt_dev_name__;
+
+#include "fcntl--.h"
int rmt_open__ (const char *, int, int, const char *);
int rmt_close__ (int);
- [Bug-tar] closed stderr can make tar corrupt its output archive,
Jim Meyering <=
Re: [Bug-tar] closed stderr can make tar corrupt its output archive, Sergey Poznyakoff, 2005/08/28