From owner-freebsd-current@FreeBSD.ORG Sun Aug 15 21:38:59 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F3A216A4CE; Sun, 15 Aug 2004 21:38:59 +0000 (GMT) Received: from ylpvm01.prodigy.net (ylpvm01-ext.prodigy.net [207.115.57.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5902F43D31; Sun, 15 Aug 2004 21:38:59 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (adsl-67-115-74-195.dsl.lsan03.pacbell.net [67.115.74.195]) i7FLctZn009356; Sun, 15 Aug 2004 17:38:55 -0400 Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C67C95139B; Sun, 15 Aug 2004 14:38:54 -0700 (PDT) Date: Sun, 15 Aug 2004 14:38:54 -0700 From: Kris Kennaway To: Matthew Dillon Message-ID: <20040815213854.GA22381@xor.obsecurity.org> References: <20040813235434.GA75875@xor.obsecurity.org> <20040814063541.GA43063@xor.obsecurity.org> <411FCCCC.8040508@freebsd.org> <200408152136.i7FLapSg024733@apollo.backplane.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline In-Reply-To: <200408152136.i7FLapSg024733@apollo.backplane.com> User-Agent: Mutt/1.4.2.1i cc: Tim Kientzle cc: current@freebsd.org cc: Kris Kennaway Subject: Re: bsdtar's security restrictions (was Re: Spurious EACCES errors from apache) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Aug 2004 21:38:59 -0000 --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 15, 2004 at 02:36:51PM -0700, Matthew Dillon wrote: > : > This is bad when some of those directories > :> already exist, because other processes trying to access files in the > :> directory hierarchy may lose the race and fail. > : > : I don't think I understand what > :exactly you're trying to do. > : > :You are extracting archives over an existing directory > :that is currently being served by an Apache process in > :order to refresh some (presumably) small number of files? > : > :Give me some more details about your situation and I'll > :see what I can come up with. > : > :Tim >=20 > Using tar for that sort of thing is a bad idea anyway, since tar (and > bsdtar) do not use the create-temporary/write/rename trick to atomica= lly > replace files. This means that a live server like a web server could > easily 'catch' files in the middle of being written, leading to odd= =20 > errors. No, my use is safe because I know the clients are not going to request the files until they're all in place (because of the way jobs are ordered). Kris --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBH9fuWry0BWjoQKURApvsAJ9UtrkEWOJeDiSxKE9MEZ/Km6JT5wCfRT1n th/BVsyIzF4KzITa6eObZPc= =tPIZ -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--