10.1-RC1 tar(1) spurious directory traversal permission error
Peter Jeremy
peter at rulingia.com
Wed Oct 22 18:22:14 UTC 2014
On 2014-Oct-20 21:36:17 +1100, John Marshall <john.marshall at riverwillow.com.au> wrote:
>On Mon, 20 Oct 2014, 21:13 +1100, John Marshall wrote:
>> On Mon, 20 Oct 2014, 11:22 +0200, Ronald Klop wrote:
>> > Maybe the output of 'truss -o /tmp/truss.txt tar -czf dtt.tgz -C
>> > /data/tftp/thlan .' gives interesting information about what is exactly
>> > giving the permission denied.
>
>> $ truss -o /tmp/truss.txt tar -czf dtt.tgz -C /data/tftp/thlan .
>> tar: .: Unable to continue traversing directory tree: Permission denied
>> tar: Error exit delayed from previous errors.
>> truss: can not get etype: No such process
>> $
The directory traversal code in tar(1) in 10.x has changed to use openat(2)
instead of chdir(2). Unfortunately, it appears there's an off-by-one error
when popping back up the directory tree at the end and it winds up doing an
openat(fd, "..", ...)
at a point where fd references the directory specified in the '-C' option to
tar. If that directory (the parent of the one passed to -C) is unreadable
then it reports an error. To reproduce:
server% cd /tmp
server% chmod 755 t1
server% rm -r t1
server% mkdir -p t1/t2/{a,b}
server% touch t1/t2/{a,b}/{f1,f2}
server% tar -cvf /dev/null -C /tmp/t1/t2 .
a .
a ./b
a ./a
a ./a/f1
a ./a/f2
a ./b/f1
a ./b/f2
server% chmod 111 t1
server% tar -cvf /dev/null -C /tmp/t1/t2 .
a .
a ./b
a ./a
a ./a/f1
a ./a/f2
a ./b/f1
a ./b/f2
tar: .: Unable to continue traversing directory tree: Permission denied
tar: Error exit delayed from previous errors.
server%
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20141023/25a12128/attachment.sig>
More information about the freebsd-stable
mailing list