Re: bin/55815: tar opens device files

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: bin/55815: tar opens device files
From: Jason Thorpe <thorpej%me.com@localhost>
Date: Sat, 5 Jun 2021 14:15:03 +0000 (UTC)

The following reply was made to PR bin/55815; it has been noted by GNATS.

From: Jason Thorpe <thorpej%me.com@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost,
 "martin%netbsd.org@localhost" <martin%NetBSD.org@localhost>
Subject: Re: bin/55815: tar opens device files
Date: Sat, 5 Jun 2021 07:14:39 -0700

 > On Jun 5, 2021, at 6:17 AM, Christos Zoulas <christos%zoulas.com@localhost> =
 wrote:
 >=20
 > Well, if you want to avoid TOCTOA, you need something like linux's =
 O_PATH
 > which opens the file for "stat" like access only. But even linux does =
 not have
 > a way to "upgrade" that fd to be able to read, short of:
 >=20
 > fd =3D open(path, O_PATH);
 > fstat(fd, &st);
 > if (is a device)
 > 	bail;
 > snprintf(buf, sizeof(buf), "/proc/self/fds/%d", fd);
 > nfd =3D open(buf, O_RDONLY);
 >=20
 > We do have O_EXEC, but I am not sure if that is the same as O_PATH (if =
 it
 > does not really open the device)
 
 If we=E2=80=99re talking about =E2=80=9Censure the file we=E2=80=99re =
 opening is a regular file=E2=80=9D, won=E2=80=99t O_REGULAR do that you =
 want?
 
 -- thorpej

Prev by Date: Re: bin/55815: tar opens device files
Next by Date: Re: bin/55815: tar opens device files
Previous by Thread: Re: bin/55815: tar opens device files
Next by Thread: Re: bin/55815: tar opens device files
Indexes:

Home | Main Index | Thread Index | Old Index