bsdtar's security restrictions (was Re: Spurious EACCES errors
kientzle at freebsd.org
Sun Aug 15 15:21:50 PDT 2004
Kris Kennaway wrote:
> On Sun, Aug 15, 2004 at 01:51:24PM -0700, Tim Kientzle wrote:
>>>This is bad when some of those directories
>>>already exist, because other processes trying to access files in the
>>>directory hierarchy may lose the race and fail.
>>Give me some more details about your situation and I'll
>>see what I can come up with.
> I pull in packages from package build clients with
> ssh client tar | tar. It creates archives like this:
> packages/ is supposed to have these permissions:
> drwxr-xr-x 93 ports-i386 portmgr 2048 Aug 14 23:12 packages/
> But while the archive is being extracted it is changed to
> drwx------ 93 ports-i386 portmgr 2048 Aug 14 23:12 packages/
If you can change it to contain only the files
(and not the directories), then this should no
longer be a problem. As I mentioned earlier, the
editing of dir permissions is done for "packages/"
here because it's explicitly listed as an archive
In the meantime, I'll see about adding an option
to relax the security constraints for situations
More information about the freebsd-current