Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)

From: Kris Kennaway <kris_at_obsecurity.org>
Date: Sun, 15 Aug 2004 14:38:54 -0700
On Sun, Aug 15, 2004 at 02:36:51PM -0700, Matthew Dillon wrote:
> : > This is bad when some of those directories
> :> already exist, because other processes trying to access files in the
> :> directory hierarchy may lose the race and fail.
> :
> :<scratching head>  I don't think I understand what
> :exactly you're trying to do.
> :
> :You are extracting archives over an existing directory
> :that is currently being served by an Apache process in
> :order to refresh some (presumably) small number of files?
> :
> :Give me some more details about your situation and I'll
> :see what I can come up with.
> :
> :Tim
> 
>     Using tar for that sort of thing is a bad idea anyway, since tar (and
>     bsdtar) do not use the create-temporary/write/rename trick to atomically
>     replace files.  This means that a live server like a web server could
>     easily 'catch' files in the middle of being written, leading to odd 
>     errors.

No, my use is safe because I know the clients are not going to request
the files until they're all in place (because of the way jobs are
ordered).

Kris

Received on Sun Aug 15 2004 - 19:38:59 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:06 UTC