mirrors/tar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tar: extract symlink attributes, close some symlink-related races

Browse Source 
* NEWS: Describe symlink-extraction improvements.
* src/extract.c (enum permstatus): Remove.
(fchmod, fchown): Define dummy replacement macros if the system
does not supply them.
(implemented): New function.
(struct delayed_set_stat): Remove members invert_permissions,
permstatus.  They were too confusing, and tried to do too much
in too-little space.  Instead, add members current_mode,
current_mode_mask, interdir, atflag.  All users changed.
(struct delayed_link): Add members mode, atime, mtime, to support
platforms such as BSD where symlinks have these attributes.
All users changed.
(fd_chmod): Renamed from fdchmod.  New argument atflag.  Check for
operation not supported at run-time, not at configure-time.  Put
fd argument first.  All callers changed.
(fd_chown): Likewise, renaming from fdchown.
(fd_stat): Likewise, renaming from fdstat.
(set_mode): Remove args stat_info, cur_info, invert_permissions,
permstatus.  Add args mode, mode_mask, current_mode, current_mode_mask,
atflag.  All callers changed.  Close some races.  Use an easier-to
understand method for computing permissions.  Work around POSIX
incompatibility in Linux fchmodat.  Support extraction of symlink
modes, if the OS allows it.
(set_stat): Remove args cur_info, invert_permissions, permstatus.
Add args current_mode, current_mode_mask, interdir, atflag.
All callers changed.  Close some races.  Support extraction of
attributes on symlinks, if the OS allows it.
(delay_set_stat): Remove args invert_permissions, permstatus.
Add args current_mode, current_mode_mask, mode, atflag.
The ST arg can be null now, indicating that it's an intermediate
directory.  All callers changed.
(repair_delayed_set_stat, apply_nonancestor_delayed_set_stat):
Close some races.
(extract_dir): Also be paranoid if only --same-permissions, due
to semantics of setgid and setuid directories on some hosts.
This closes a race on those hosts.  Simplify calculation of
delay_set_stat arguments; the old code was truly strange and
probably wrong in some border cases.
(extract_dir, extract_file, extract_node, extract_fifo): Don't rely on
unspecified behavior in mode arg of open, mknod, etc.  Instead,
mask out those bits when creating the file, and add them later via
fchmod or chmodat.
(open_output_file): file_name is now const.  Add arg current_mode,
current_mode_mask.  All callers changed.  When overwriting old files,
refuse to overwrite something that is not a regular file, since
we're extracting a regular file.
(extract_file): Remove the FIXME comment.  Whatever the protection
issues were, they should be fixed now.  As a result of all the other
API changes, we now use fchmod etc. rather than chmod etc., closing
some races.
(create_placeholder_file, apply_delayed_links): Record desired
mode and times for symlinks, for OSes that support that.
This commit is contained in:
Paul Eggert
2010-09-17 10:43:35 -07:00
parent e3fdb78d4b
commit ea964cce81
2 changed files with 332 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
NEWS
View File

@@ -1,4 +1,4 @@
GNU tar NEWS - User visible changes. 2010-09-13
GNU tar NEWS - User visible changes. 2010-09-17
Please send GNU tar bug reports to <bug-tar@gnu.org>
@@ -17,12 +17,22 @@ Tar now checks for inconsistencies caused when a file system is
modified while tar is creating an archive. In the new approach, tar
maintains a cache of file descriptors to directories, so it uses more
file descriptors than before, but it adjusts to system limits on
the number of file descriptors. The new checks are implemented via
the openat, fdopendir, fstatat, and readlinkat calls
the number of file descriptors. Tar also takes more care when
a file system is modified while tar is extracting from an archive.
The new checks are implemented via the openat and related calls
standardized by POSIX.1-2008. On an older system where these calls do
not exist or do not return useful results, tar emulates the calls at
some cost in efficiency and reliability.
** Symbolic link attributes
When extracting symbolic links, tar now restores attributes such as
last-modified time and link permissions, if the operating system
supports this. For example, recent versions of the Linux kernel
support setting times on symlinks, and some BSD kernels also support
symlink permissions.
** Spurious error diagnostics on broken pipe.
When receiving SIGPIPE, tar would exit with error status and