netbsd-bugs: bin/35257: tar(1) opens excluded files

Subject: bin/35257: tar(1) opens excluded files
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Andreas Gustafsson <gson@gson.org>
List: netbsd-bugs
Date: 12/14/2006 18:50:00

>Number:         35257
>Category:       bin
>Synopsis:       tar(1) opens excluded files
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 14 18:50:00 +0000 2006
>Originator:     Andreas Gustafsson
>Release:        NetBSD 4.99.3
>Organization:
>Environment:
System: NetBSD guava.gson.org 4.99.3 NetBSD 4.99.3 (GENERIC) #0: Mon Sep 25 00:54:38 EEST 2006 root@guru.araneus.fi:/usr/build/1007/obj/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:

When a file is excluded from a tar archive using the --exclude-from
option to the tar(1) command, an attempt is nevertheless made to open
the file.  If the file can't be opened, an error message to that
effect is printed, which is confusing because it makes it appear as if
the file is not actually being excluded.

For example, if a procfs is mounted with "-o linux" and you try to
back up the parent file system using tar, you will get error messages
about files on the procfs even if you exclude it from the backup using
--exclude-from.

GNU tar does not exhibit this behavior.

>How-To-Repeat:

Run the following shell script as root:

    mkdir -p test/emul/linux/proc
    mount -t procfs -o linux procfs test/emul/linux/proc
    echo "./emul/linux" >excludes
    ( cd test && tar --exclude-from ../excludes -c -f - . | tar tfv - )
    umount test/emul/linux/proc

Notice how tar prints error messages similar to the following:

   tar: Unable to access ./emul/linux/proc/19829/fd/7 (Bad file descriptor)
   tar: Unable to access ./emul/linux/proc/19327/fd/7 (Bad file descriptor)

Here is another test case which doesn't involve procfs and should be
run as a non-root user:

   mkdir -p test/foo
   touch test/foo/a
   touch test/foo/b
   chmod 000 test/foo/b
   echo "./foo" >excludes
   ( cd test && tar --exclude-from ../excludes -c -f - . | tar tfv - )

Notice how tar prints the error message

   tar: Unable to open ./foo/b to read (Permission denied)

even though both foo/a and foo/b are successfully excluded
from the archive.

>Fix:

None provided.