bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)

From: Tim Kientzle <kientzle_at_freebsd.org>
Date: Sun, 15 Aug 2004 13:51:24 -0700

Kris Kennaway wrote:
> On Fri, Aug 13, 2004 at 04:54:34PM -0700, Kris Kennaway wrote:
> 
>>Since a recent world+kernel update, apache is frequently reporting
>>errors like:
>>
>> ... (13)Permission denied: access to /errorlogs/i386-4-packages-latest/All/pkgconfig-0.15.0_1.tgz failed because search permissions are missing on a component of the path
>
> With help from rwatson we tracked it down to bsdtar, which seems to be
> setting and resetting permissions on every path component when
> extracting a tarball. 

Yes, bsdtar does protect dirs that it is currently
extracting to in an attempt to close certain security
races.  (Otherwise, there are windows during
the process of setting permissions, ownership,
ACLs, file flags, etc., when a file being
extracted may be vulnerable to another process.)

This is done for any directory explicitly mentioned
in the archive and any implicit directory that
is actually created.  Directories that already
exist and are only referenced implicitly shouldn't
have their permissions edited.

> This is bad when some of those directories
> already exist, because other processes trying to access files in the
> directory hierarchy may lose the race and fail.

<scratching head>  I don't think I understand what
exactly you're trying to do.

You are extracting archives over an existing directory
that is currently being served by an Apache process in
order to refresh some (presumably) small number of files?

Give me some more details about your situation and I'll
see what I can come up with.

Tim
Received on Sun Aug 15 2004 - 18:51:26 UTC
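
The directory policy described in the message above, as an added C sketch that is not part of the original post and is not libarchive's code: it shows which directories are restricted while extraction is in progress and which are left alone. The helper names, the 0700 restricted mode, the 0755 final mode and the /tmp scratch path are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper modelling the policy in the message, not libarchive code.
 * 0700 (owner-only) is an assumed value for the restricted mode.
 * Returns 1: restricted, needs a final chmod; 0: left untouched; -1: error. */
static int protect_dir(const char *path, int explicit_entry)
{
    if (mkdir(path, 0700) == 0)
        return 1;                /* newly created: starts restricted */
    if (errno != EEXIST)
        return -1;
    if (!explicit_entry)
        return 0;                /* existing, only implied by a file path */
    return chmod(path, 0700) == 0 ? 1 : -1; /* existing, named in archive */
}

static int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Mode another process sees on the directory mid-extraction (-1 on error). */
static int mode_during_extract(int preexisting, int explicit_entry)
{
    char base[64], dir[80];
    snprintf(base, sizeof base, "/tmp/protdemo.%ld", (long)getpid());
    snprintf(dir, sizeof dir, "%s/All", base);   /* constructed scratch tree */
    if (mkdir(base, 0700) != 0)
        return -1;
    if (preexisting && (mkdir(dir, 0755) != 0 || chmod(dir, 0755) != 0))
        return -1;
    int fix = protect_dir(dir, explicit_entry);
    int seen = mode_of(dir);     /* the window the thread is about */
    if (fix < 0 || (fix == 1 && chmod(dir, 0755) != 0) || mode_of(dir) != 0755)
        seen = -1;               /* permissions must end up restored to 0755 */
    rmdir(dir);
    rmdir(base);
    return seen;
}

int main(void)
{
    printf("existing+explicit: %o, existing+implicit: %o\n",
           (unsigned)mode_during_extract(1, 1), (unsigned)mode_during_extract(1, 0));
    return 0;
}
```

An existing directory that the archive names explicitly is the case where a concurrent reader under another uid can lose search permission for the duration of the extraction.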
