Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files

From:	Paul Eggert
Subject:	Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files
Date:	Fri, 20 Apr 2012 19:01:59 -0700
User-agent:	Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120329 Thunderbird/11.0.1

On 04/20/2012 03:30 PM, Stefan Tomanek wrote:
> Is there any argument against the original patch

Well, sure: it is a hack that doesn't solve
the problem, and it might lead to similar
future workaround hacks that will continue to
increase tar's complexity and still not solve
the problem.

And besides, it sounds like 'tar' can handle
the situation in question, or something pretty close
to it, without needing any changes.

> Can you elaborate on the possible attack scenario?

I don't have a specific scenario, no, since I don't
know the exact situation.  But the basic problem is a
race condition between the time the file is chosen by 'find'
to dump (or to not dump), and the time the file name is
presented to 'tar'.  I worry that an attacker could cause
victim files to not be dumped, or conversely could cause
files to be dumped when they should not be.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Stefan Tomanek, 2012/04/19
- Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/19
  - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Stefan Tomanek, 2012/04/20
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/20
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Stefan Tomanek, 2012/04/20
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/20
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Stefan Tomanek, 2012/04/20
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert <=
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Stefan Tomanek, 2012/04/21
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Joerg Schilling, 2012/04/21
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/21
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Joerg Schilling, 2012/04/22
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/22
    - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Joerg Schilling, 2012/04/22
  - Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files, Joerg Schilling, 2012/04/20
  - Re: [Bug-tar] add --ignore-missing to ignore missing input files, Nathan Stratton Treadway, 2012/04/24
    - Re: [Bug-tar] add --ignore-missing to ignore missing input files, Paul Eggert, 2012/04/25
    - Re: [Bug-tar] add --ignore-missing to ignore missing input files, Nathan Stratton Treadway, 2012/04/26

Prev by Date: Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files
Next by Date: Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files
Previous by thread: Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files
Next by thread: Re: [Bug-tar] [PATCH] add --ignore-missing to ignore missing input files
Index(es):
- Date
- Thread