Bug 1299018 - tar suffers race condition failure when simultaneous directory creates are attempted
tar suffers race condition failure when simultaneous directory creates are at...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: tar (Show other bugs)
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Pavel Raiskup
Depends On:
Blocks: 1269194
  Show dependency treegraph
Reported: 2016-01-15 12:27 EST by Martin Poole
Modified: 2016-07-25 08:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-25 08:48:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Martin Poole 2016-01-15 12:27:31 EST
Description of problem:

tar suffers from problems with race conditions in the case of directory creation due to the usual

   if (not_exists(dir) && mkdir(dir))


Fix was incorporated upstream with

Commit: 9447e799ab5faa6e8be43de4000e1061e0879242 [9447e79]
Parents: 502abd93bd
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: 16 October 2010 06:26:14 BST
Commit Date: 16 October 2010 06:26:43 BST

tar: use more-accurate diagnostic when intermediate mkdir fails

Without this change, if tar tried to extract a file A/B/C, noticed
that A/B didn't exist, attempted to mkdir A/B, and the mkdir
failed, it did not diagnose the mkdir failure, but simply reported
the failure to open A/B/C. This sometimes led to confusion
because it wasn't clear what tar was trying to do, in particular
that tar tried to mkdir A/B. With this patch, tar issues two
diagnostics in this case: one for A/B and the other for A/B/C.
Problem reported by Hauke Laging in
* gnulib.modules: Remove faccessat.
* src/extract.c (make_directories): New arg INTERDIR_MADE.
Diagnose mkdir failure. Return 0 on success, nonzero on failure,
as opposed to nonzero iff some directory was created. All callers
changed. Simplify the code when mkdir fails, by checking whether
the desired file exists unless errno==EEXIST: this is more robust.
Comment 1 Pavel Raiskup 2016-07-25 08:01:39 EDT
Martin, there has been at least dozen of patches related to this TOCTOU, the
major rewrite has IMO started by this patch:

        commit 4bde4f39d08f000f7e63a832b08a2525c1262f84
        Author:     Paul Eggert <eggert@cs.ucla.edu>
        AuthorDate: Sat Sep 18 23:37:45 2010 -0700

            tar: prefer openat-style functions


But that patch broke _a lot_ of assumptions, and people are still not sure
that the actual git HEAD of GNU tar is fixed after that "major" rewrite.

Backporting all of this to 1.23 would mean unacceptable risk of issues.  So
I'm not sure what exactly is the issue here:

  - is it the TOCTOU in general?  Then I would rather prefer WONTFIX in this
    case (as it is low severity) and suggest using RHEL7 -- should be in
    better shape.  Note that GNU tar documentation says that 'tar' should be
    run while there are no concurrent processes.

  - or are there some issues we need to fix by referenced patch?  If yes,
    please post reproducer/patch and we should try to discuss whether it is
    good time to work on the fix (but note we are in product phase 2).

Thanks, Pavel
Comment 3 Pavel Raiskup 2016-07-25 08:48:48 EDT
Thanks for the update.

Note You need to log in before you can comment on or make changes to this bug.