Re: bin/55815: tar opens device files

[Joerg Sonnenberger <joerg%bec.de@localhost>]

The following reply was made to PR bin/55815; it has been noted by GNATS.

From: Joerg Sonnenberger <joerg%bec.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, martin%NetBSD.org@localhost
Subject: Re: bin/55815: tar opens device files
Date: Sat, 5 Jun 2021 03:11:07 +0200

 On Fri, Jun 04, 2021 at 11:25:02PM +0000, David Holland wrote:
 > The following reply was made to PR bin/55815; it has been noted by GNATS.
 > 
 > From: David Holland <dholland-bugs%netbsd.org@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc: 
 > Subject: Re: bin/55815: tar opens device files
 > Date: Fri, 4 Jun 2021 23:22:09 +0000
 > 
 >  On Fri, Jun 04, 2021 at 10:36:50PM +0200, Joerg Sonnenberger wrote:
 >   > >  However, it also seems foolish to pretend this is a real issue for
 >   > >  device nodes, so it seems like a perfectly adequate solution is for
 >   > >  tar to check for device nodes and not open them. Adding another open
 >   > >  mode seems like severe overkill. (O_NONBLOCK is sufficient for named
 >   > >  pipes.)
 >   > 
 >   > Checking for device nodes introduces TOCTOA problems though.
 >  
 >  Like I said, pretending that this is a real issue for device nodes is
 >  foolish. Use lstat (you have to anyway to tar up links); if it's a
 >  device, don't open it. Otherwise, open it with O_NOFOLLOW. If you then
 >  get a device anyway and your tape RAID starts rewinding 50 tapes at
 >  once, it's because root was screwing around. That's not our job to
 >  stop.
 
 Which part of TOCTOA wasn't clear?
 
 Joerg