Re: bin/55815: tar opens device files

[Joerg Sonnenberger <joerg%bec.de@localhost>]

On Sat, Jun 05, 2021 at 02:30:03PM +0000, Jason Thorpe wrote:
> The following reply was made to PR bin/55815; it has been noted by GNATS.
> 
> From: Jason Thorpe <thorpej%me.com@localhost>
> To: Christos Zoulas <christos%zoulas.com@localhost>
> Cc: gnats-bugs%netbsd.org@localhost,
>  gnats-admin%netbsd.org@localhost,
>  netbsd-bugs%netbsd.org@localhost,
>  "martin%netbsd.org@localhost" <martin%NetBSD.org@localhost>
> Subject: Re: bin/55815: tar opens device files
> Date: Sat, 5 Jun 2021 07:27:06 -0700
> 
>  > On Jun 5, 2021, at 7:18 AM, Christos Zoulas <christos%zoulas.com@localhost> =
>  wrote:
>  >=20
>  >=20
>  >>=20
>  >> If we=E2=80=99re talking about =E2=80=9Censure the file we=E2=80=99re =
>  opening is a regular file=E2=80=9D, won=E2=80=99t O_REGULAR do that you =
>  want?
>  >=20
>  > Yes, but that suffers from TOCTOA too:
>  >=20
>  > if (open(path, O_REGULAR) =3D=3D -1)
>  > 	fstat(path, &st);
>  >=20
>  > But that's probably good enough.
>  
>  Sorry, I was looking at your example of:
>  
>  	fd =3D open(...);
>  	fstat(...);
>  	if (device)
>  		bail;
>  
>  What's the point if stat'ing the path if opening with O_REGULAR fails?  =
>  Isn't the point here to prevent tar from opening device files?

If the opening with O_REGULAR fails, you are already in the side path
for objects you don't want to open. Fifos, Unix sockets, devices. This
whole discussion shouldn't be about tar either. The whole "open has side
effects" problem applies to many, many other programs, so it should
really be considered in this wider context... 

Joerg