Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Aug 2004 14:38:54 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache)
Message-ID:  <20040815213854.GA22381@xor.obsecurity.org>
In-Reply-To: <200408152136.i7FLapSg024733@apollo.backplane.com>
References:  <20040813235434.GA75875@xor.obsecurity.org> <20040814063541.GA43063@xor.obsecurity.org> <411FCCCC.8040508@freebsd.org> <200408152136.i7FLapSg024733@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Aug 15, 2004 at 02:36:51PM -0700, Matthew Dillon wrote:
> : > This is bad when some of those directories
> :> already exist, because other processes trying to access files in the
> :> directory hierarchy may lose the race and fail.
> :
> :<scratching head>  I don't think I understand what
> :exactly you're trying to do.
> :
> :You are extracting archives over an existing directory
> :that is currently being served by an Apache process in
> :order to refresh some (presumably) small number of files?
> :
> :Give me some more details about your situation and I'll
> :see what I can come up with.
> :
> :Tim
>=20
>     Using tar for that sort of thing is a bad idea anyway, since tar (and
>     bsdtar) do not use the create-temporary/write/rename trick to atomica=
lly
>     replace files.  This means that a live server like a web server could
>     easily 'catch' files in the middle of being written, leading to odd=
=20
>     errors.

No, my use is safe because I know the clients are not going to request
the files until they're all in place (because of the way jobs are
ordered).

Kris

--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBH9fuWry0BWjoQKURApvsAJ9UtrkEWOJeDiSxKE9MEZ/Km6JT5wCfRT1n
th/BVsyIzF4KzITa6eObZPc=
=tPIZ
-----END PGP SIGNATURE-----

--fdj2RfSjLxBAspz7--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040815213854.GA22381>