Bug 1299018 - tar suffers race condition failure when simultaneous directory creates are attempted
Summary: tar suffers race condition failure when simultaneous directory creates are at...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: tar
Version: 6.7
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Pavel Raiskup
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 1269194
TreeView+ depends on / blocked
 
Reported: 2016-01-15 17:27 UTC by Martin Poole
Modified: 2019-11-14 07:19 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-25 12:48:48 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Martin Poole 2016-01-15 17:27:31 UTC 
Description of problem:

tar suffers from problems with race conditions in the case of directory creation due to the usual

   if (not_exists(dir) && mkdir(dir))
      fail

logic.

Fix was incorporated upstream with

Commit: 9447e799ab5faa6e8be43de4000e1061e0879242 [9447e79]
Parents: 502abd93bd
Author: Paul Eggert <eggert.edu>
Date: 16 October 2010 06:26:14 BST
Commit Date: 16 October 2010 06:26:43 BST

tar: use more-accurate diagnostic when intermediate mkdir fails

Without this change, if tar tried to extract a file A/B/C, noticed
that A/B didn't exist, attempted to mkdir A/B, and the mkdir
failed, it did not diagnose the mkdir failure, but simply reported
the failure to open A/B/C. This sometimes led to confusion
because it wasn't clear what tar was trying to do, in particular
that tar tried to mkdir A/B. With this patch, tar issues two
diagnostics in this case: one for A/B and the other for A/B/C.
Problem reported by Hauke Laging in
<http://lists.gnu.org/archive/html/bug-tar/2010-10/msg00020.html>.
* gnulib.modules: Remove faccessat.
* src/extract.c (make_directories): New arg INTERDIR_MADE.
Diagnose mkdir failure. Return 0 on success, nonzero on failure,
as opposed to nonzero iff some directory was created. All callers
changed. Simplify the code when mkdir fails, by checking whether
the desired file exists unless errno==EEXIST: this is more robust.
Comment 1 Pavel Raiskup 2016-07-25 12:01:39 UTC 
Martin, there has been at least dozen of patches related to this TOCTOU, the
major rewrite has IMO started by this patch:

        commit 4bde4f39d08f000f7e63a832b08a2525c1262f84
        Author:     Paul Eggert <eggert.edu>
        AuthorDate: Sat Sep 18 23:37:45 2010 -0700

            tar: prefer openat-style functions

http://git.savannah.gnu.org/cgit/tar.git/commit/?id=4bde4f39d08f000f

But that patch broke _a lot_ of assumptions, and people are still not sure
that the actual git HEAD of GNU tar is fixed after that "major" rewrite.

Backporting all of this to 1.23 would mean unacceptable risk of issues.  So
I'm not sure what exactly is the issue here:

  - is it the TOCTOU in general?  Then I would rather prefer WONTFIX in this
    case (as it is low severity) and suggest using RHEL7 -- should be in
    better shape.  Note that GNU tar documentation says that 'tar' should be
    run while there are no concurrent processes.

  - or are there some issues we need to fix by referenced patch?  If yes,
    please post reproducer/patch and we should try to discuss whether it is
    good time to work on the fix (but note we are in product phase 2).

Thanks, Pavel
Comment 3 Pavel Raiskup 2016-07-25 12:48:48 UTC 
Thanks for the update.
Note You need to log in before you can comment on or make changes to this bug.