Date: Thu, 23 Oct 2014 10:39:26 +1100
From: John Marshall
To: freebsd-stable@freebsd.org
Subject: Re: 10.1-RC1 tar(1) spurious directory traversal permission error
Message-ID: <20141022233926.GC4814@rwpc15.gfn.riverwillow.net.au>

On Thu, 23 Oct 2014, 05:18 +1100, Peter Jeremy wrote:
> The directory traversal code in tar(1) in 10.x has changed to use openat(2)
> instead of chdir(2). Unfortunately, it appears there's an off-by-one error
> when popping back up the directory tree at the end and it winds up doing an
> openat(fd, "..", ...)
> at a point where fd references the directory specified in the '-C' option to
> tar. If that directory (the parent of the one passed to -C) is unreadable
> then it reports an error. To reproduce:

Thanks, Peter, for the independent confirmation. The scenario of
traversal-only access to the parent directory is common in a situation
where the directory contains per-user subdirectories, and each user has
no business knowing about any subdirectory but his own. The archive
generated is fine, the user has full permission to the directory being
archived, but tar(1) exits with an error status. I regard this
regression as a bug. I have updated Bug 194477.

-- 
John Marshall