
Re: [Bug-tar] opening files with O_NONBLOCK causes problems


From: Joerg Schilling
Subject: Re: [Bug-tar] opening files with O_NONBLOCK causes problems
Date: Fri, 06 Jan 2012 15:10:48 +0100
User-agent: nail 11.22 3/20/05

Eric Blake <address@hidden> wrote:

> >> On 01/05/12 14:59, Kamil Dudka wrote:
> >>> Is there a known attack on tar that the use of O_NONBLOCK can prevent?  
> >>
> >> Yes, of course.  For example, the attacker can create a
> >> hard link to a fifo while tar is running, which means that
> >> root doing a backup will hang indefinitely.
> > 
> > star does not open FIFO files.....
>
> Yes, it probably does.  From your description, it sounds like star is
> using a stat() before open() to avoid FIFOs; but this is a classic
> TOCTTOU race where an attacker can replace a regular file with a FIFO,
> meaning that star will open FIFO files.

O_NONBLOCK cannot prevent attacks.....

The way gtar is implemented, gtar will just prevent a gtar block when somebody 
tries to run a related attack. I believe that it is OK, when a tar 
implementation may hang as a result of an attempt to run an attack.


> > Why should gtar open FIFO files?
>
> The question is not why an archiver opens a FIFO file, but what it does
> after opening a file O_NONBLOCK (the TOCTTOU race is eliminated by
> switching stat()/open() to open()/fstat() filtering, and once we have
> ascertained that an open fd is not a FIFO, if we can then use fcntl() to
> remove the O_NONBLOCK, hopefully that will resolve the situation with DMF).

From the mail from the OP, this will still trigger the problem as the open 
will already return EWOULDBLOCK instead of fetching the file from the 
background storage.

Jörg

-- 
 EMail:address@hidden (home) Jörg Schilling D-13353 Berlin
       address@hidden                (uni)  
       address@hidden (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
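
The open()/fstat()/fcntl() sequence discussed in the quoted text, narrowed to the regular-file case, as an added example that is not part of the original message and is not code from GNU tar or star. The function name and result codes are hypothetical; an EWOULDBLOCK from open() itself, the case raised in the reply, is returned as its own code.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes: hypothetical names for this example. */
enum { OPEN_FAILED = -1, OPEN_NOT_REGULAR = -2, OPEN_WOULD_BLOCK = -3 };

/* Returns a blocking-mode fd for a regular file, or a negative code. */
int open_regular_for_read(const char *path)
{
    struct stat st;
    int flags, fd;

    /* O_NONBLOCK: a FIFO with no writer opens at once instead of hanging. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) {
        /* Case raised in the reply: open() itself reports EWOULDBLOCK. */
        if (errno == EAGAIN || errno == EWOULDBLOCK)
            return OPEN_WOULD_BLOCK;
        return OPEN_FAILED;
    }
    /* fstat() describes the object actually opened: no stat()/open() window. */
    if (fstat(fd, &st) != 0) {
        close(fd);
        return OPEN_FAILED;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        return OPEN_NOT_REGULAR;
    }
    /* Known regular file: clear O_NONBLOCK so reads behave as usual. */
    flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) < 0) {
        close(fd);
        return OPEN_FAILED;
    }
    return fd;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int fd = open_regular_for_read(argv[i]);
        printf("%s: %s\n", argv[i], fd >= 0 ? "regular file, opened" : "skipped");
        if (fd >= 0) close(fd);
    }
    return 0;
}
```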


