Hi! I find myself often doing things like "tar tf" followed by "tar xf", where the tf is only to ensure that the tar does contain a single subdirectory. Computers could do this check much more quickly, so I'd like to request an option for it.
I suggest a long name like "--new-dir", and whatever short name you
might find suitable for it, perhaps "-N" or "-B".
The option would ensure that the tarball
1. does create a single new directory
2. places all files inside that directory
I understand that tar operates on a stream and it would be infeasible to
inspect the whole archive before writing the files. So in more detail,
the operation should probably work like this (pseudocode):
dirName = NULL;
for (all entries) {
if (entry describes ".") // can this ever happen?
continue;
if (entry starts in "/" or uses "../" references)
die("tarbomb: bad path %s", entry path)
firstDir = first arc of entry path;
if (file directly inside base directory)
die ("tarbomb: file not inside any dir");
if (dirName == NULL) {
dirName = firstDir;
if (directory dirName exists)
die ("tarbomb: directory %s already exists", dirName);
create directory dirName;
}
else if (dirName != firstDir) {
recursively delete directory dirName;
die ("tarbomb: creates multiple directories");
}
unpack entry as usual;
}
if (dirName != NULL and --print-new-dir specified)
printf ("%s\n", dirName);
This would use the first entry as a specification of the directory to
create. Any later violation of the expected behaviour would cause tar to
clean up before exiting with an error message.
I also think printing the name of the newly created directory might be
useful under some circumstances, so I added an option for that as well.
What do you think? Has this been discussed before? Do you want a patch
for this? I'd be happy to write one, but employer disclaimer might be a
problem.
Please reply also by personal mail, as I don't follow this list.
Greetings,
Martin von Gagern
signature.asc
Description: OpenPGP digital signature
