| Summary: | tar suffers race condition failure when simultaneous directory creates are attempted | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Poole <mpoole> |
| Component: | tar | Assignee: | Pavel Raiskup <praiskup> |
| Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.7 | CC: | mpoole |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-07-25 12:48:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1269194 | ||
Martin, there has been at least dozen of patches related to this TOCTOU, the
major rewrite has IMO started by this patch:
commit 4bde4f39d08f000f7e63a832b08a2525c1262f84
Author: Paul Eggert <eggert.edu>
AuthorDate: Sat Sep 18 23:37:45 2010 -0700
tar: prefer openat-style functions
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=4bde4f39d08f000f
But that patch broke _a lot_ of assumptions, and people are still not sure
that the actual git HEAD of GNU tar is fixed after that "major" rewrite.
Backporting all of this to 1.23 would mean unacceptable risk of issues. So
I'm not sure what exactly is the issue here:
- is it the TOCTOU in general? Then I would rather prefer WONTFIX in this
case (as it is low severity) and suggest using RHEL7 -- should be in
better shape. Note that GNU tar documentation says that 'tar' should be
run while there are no concurrent processes.
- or are there some issues we need to fix by referenced patch? If yes,
please post reproducer/patch and we should try to discuss whether it is
good time to work on the fix (but note we are in product phase 2).
Thanks, Pavel
Thanks for the update. |
Description of problem: tar suffers from problems with race conditions in the case of directory creation due to the usual if (not_exists(dir) && mkdir(dir)) fail logic. Fix was incorporated upstream with Commit: 9447e799ab5faa6e8be43de4000e1061e0879242 [9447e79] Parents: 502abd93bd Author: Paul Eggert <eggert.edu> Date: 16 October 2010 06:26:14 BST Commit Date: 16 October 2010 06:26:43 BST tar: use more-accurate diagnostic when intermediate mkdir fails Without this change, if tar tried to extract a file A/B/C, noticed that A/B didn't exist, attempted to mkdir A/B, and the mkdir failed, it did not diagnose the mkdir failure, but simply reported the failure to open A/B/C. This sometimes led to confusion because it wasn't clear what tar was trying to do, in particular that tar tried to mkdir A/B. With this patch, tar issues two diagnostics in this case: one for A/B and the other for A/B/C. Problem reported by Hauke Laging in <http://lists.gnu.org/archive/html/bug-tar/2010-10/msg00020.html>. * gnulib.modules: Remove faccessat. * src/extract.c (make_directories): New arg INTERDIR_MADE. Diagnose mkdir failure. Return 0 on success, nonzero on failure, as opposed to nonzero iff some directory was created. All callers changed. Simplify the code when mkdir fails, by checking whether the desired file exists unless errno==EEXIST: this is more robust.