Your message dated Tue, 24 Jun 2008 10:49:45 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#487800: tar -f /dev/mt0 creates huge file mt0 under
/dev when device is not present
has caused the Debian Bug report #487800,
regarding tar -f /dev/mt0 creates huge file mt0 under /dev when device is not
present
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
487800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487800
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: tar
Version: 1.14-2.4
Severity: grave
Tags: security
Justification: renders package unusable
# cd /; tar -f /dev/mt0 etc var usr home
behaved unexpectedly. There wasn't a device /dev/mt0, but instead backup
was created in regular file until the partition was filled.
This behavior is misleading, and a security hole, because the
administrator can be left thinking he backed up the system, while in
effect he backed it up to his own disk, and ends with nothing on tape.
Some warning ought to be issued that /dev/ddn is accessed and there is no
such device, as it is unexpected behavior to create huge tarballs under
/dev.
Rgds,
[EMAIL PROTECTED]
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.24.2-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages tar depends on:
ii libc6 2.3.2.ds1-22sarge6 GNU C Library: Shared libraries an
-- no debconf information
--- End Message ---
--- Begin Message ---
On Tue, 2008-06-24 at 10:22 +0200, Mirsad Todorovac wrote:
> Package: tar
> Version: 1.14-2.4
> Severity: grave
> Tags: security
> Justification: renders package unusable
I'm sorry, but this isn't a bug... much less a problem that "renders
package unusable".
> behaved unexpectedly. There wasn't a device /dev/mt0, but instead backup
> was created in regular file until the partition was filled.
It appears from your description that tar behaved exactly as intended
and documented. The documentation for the -f option makes it clear that
the argument can be either a file or a device. I'm sorry you were
confused about what to expect and got a result other than what you
wanted, but that doesn't make it a bug.
There's nothing "magic" about using a device versus some other file with
tar. In fact, I suspect many more uses of tar involve archives in files
than on different physical media.
> Some warning ought to be issued that /dev/ddn is accessed and there is no
> such device, as it is unexpected behavior to create huge tarballs under
> /dev.
As far as tar is concerned, there is no difference. If you need this or
other checks, write a script that calls tar. Or perhaps you might be
happier using one of the more sophisticated system backup tools that
layers additional behaviors on top of tar? There are several packaged
for Debian.
There's an old saying that I think applies here. "If it hurts when you
hold your arm that way, then don't hold your arm that way."
Bdale
--- End Message ---
