bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)

Kris Kennaway kris at obsecurity.org
Sun Aug 15 14:38:59 PDT 2004


On Sun, Aug 15, 2004 at 02:36:51PM -0700, Matthew Dillon wrote:
> :> This is bad when some of those directories
> :> already exist, because other processes trying to access files in the
> :> directory hierarchy may lose the race and fail.
> :
> :<scratching head>  I don't think I understand what
> :exactly you're trying to do.
> :
> :You are extracting archives over an existing directory
> :that is currently being served by an Apache process in
> :order to refresh some (presumably) small number of files?
> :
> :Give me some more details about your situation and I'll
> :see what I can come up with.
> :
> :Tim
> 
>     Using tar for that sort of thing is a bad idea anyway, since tar (and
>     bsdtar) do not use the create-temporary/write/rename trick to atomically
>     replace files.  This means that a live server like a web server could
>     easily 'catch' files in the middle of being written, leading to odd 
>     errors.

No, my use is safe because I know the clients are not going to request
the files until they're all in place (because of the way jobs are
ordered).

Kris