Eric Blake <[email protected]> wrote:

> >> On 01/05/12 14:59, Kamil Dudka wrote:
> >>> Is there a known attack on tar that the use of O_NONBLOCK can prevent?
> >>
> >> Yes, of course. For example, the attacker can create a
> >> hard link to a fifo while tar is running, which means that
> >> root doing a backup will hang indefinitely.
> >
> > star does not open FIFO files.....
>
> Yes, it probably does. From your description, it sounds like star is
> using a stat() before open() to avoid FIFOs; but this is a classic
> TOCTTOU race where an attacker can replace a regular file with a FIFO,
> meaning that star will open FIFO files.

O_NONBLOCK cannot prevent attacks..... The way gtar is implemented, gtar will
just prevent a gtar block when somebody tries to run a related attack.

I believe that it is OK, when a tar implementation may hang as a result of an
attempt to run an attack.

> > Why should gtar open FIFO files?
>
> The question is not why an archiver opens a FIFO file, but what it does
> after opening a file O_NONBLOCK (the TOCTTOU race is eliminated by
> switching stat()/open() to open()/fstat() filtering, and once we have
> ascertained that an open fd is not a FIFO, if we can then use fcntl() to
> remove the O_NONBLOCK, hopefully that will resolve the situation with DMF).

From the mail from the OP, this will still trigger the problem as the open
will already return EWOULDBLOCK instead of fetching the file from the
background storage.

Jörg

-- 
EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
      [email protected] (uni)
      [email protected] (work) Blog: http://schily.blogspot.com/
URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
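
The open()/fstat()/fcntl() sequence discussed in this thread, as an added C example that is not part of the original message and is not code from tar or star. The function name `open_regular_for_backup` is hypothetical. An error from open() itself is passed straight to the caller, so the DMF case raised above is not handled here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for archiving only if the object that
 * was actually opened is a regular file. Returns an fd, or -1 with errno set. */
int open_regular_for_backup(const char *path)
{
    /* O_NONBLOCK: opening a FIFO that has no writer returns at once
     * instead of hanging. O_NOCTTY: never acquire a controlling tty. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;              /* errno from open() goes to the caller */

    struct stat st;
    /* fstat() inspects the opened object, not the path, so replacing the
     * path after open() cannot change the answer (no stat()/open() race). */
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) { /* FIFO, device, socket, directory ... */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    /* Known regular file: restore blocking reads for the copy loop. */
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl & ~O_NONBLOCK) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return EXIT_FAILURE; }
    int fd = open_regular_for_backup(argv[1]);
    if (fd < 0) { perror(argv[1]); return EXIT_FAILURE; }
    puts("regular file opened, O_NONBLOCK cleared");
    close(fd);
    return EXIT_SUCCESS;
}
```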
