Don Cragun <don.cragun at sun.com> wrote:
> >Date: Wed, 15 Aug 2007 19:50:25 +0200
> >From: Joerg.Schilling at fokus.fraunhofer.de (Joerg Schilling)
> >
> ... ... ...
> >
> >If interface stability is really important for OpenSolaris, then tar(1),
> >cpio(1) and pax(1) cannot implement an incompatible way of handling the -/
> >option. The option -/ (introduced in 1994) has the following meaning:
> >
> >      -/     Don't strip leading slashes from file names when
> >             extracting an archive. Tar archives containing
> >             absolute pathnames are usually a bad idea. With other
> >             tar implementations, they may possibly never be
> >             extracted without clobbering existing files. Star for
> >             that reason, by default strips leading slashes from
> >             filenames when in extract mode. As it may be impossible
> >             to create an archive where leading slashes have been
> >             stripped while retaining correct path names, star does
> >             not strip leading slashes in create mode.
>
> Jörg,
> The only way these four cases (PSARC/2007/459 [cpio, pax, &
> tar], 423 [compress, cp, pack, uncompress, & unpack], 410 [chmod], and
> 394 [ls]) create any incompatibility with star is if star is intended
> to replace cpio, pax, or tar. When you chose to add -/ to star, you
> guaranteed that star could NEVER replace tar, cpio, or pax in /usr/bin

This is of course incorrect: When _you_ chose to add -/ to Sun's current
tar/cpio/pax implementation, you plan to boycott a possible future integration
of an star based implementation to replace the old Sun programs. This is because
_you_ chose to deliberately add an incompatible interface.

> (which supply behavior conforming to SVID3, XPG3, XPG4, SUS, SUSv2,
> SUSv3 and all of the POSIX standards). Stripping leading slashes from
> absolute pathnames (by default) as files are extracted from archives
> violates standards requirements for all of these utilities.

This is a hazardous claim. I know of no part of the POSIX standard that
prevents tar/cpio/pax from implementing a security aware behavior by default.
It seems that you also know this - otherwise you could give a pointer that
proves your claim.

In fact, the behavior of the current Sun implementations for tar/cpio/pax
allows people to easily attack the integrity of a Solaris installation by adding
simple hand-crafted changes into tar or cpio archives that are going to be
unpacked by the administrator with sufficient privileges.

Star and its different CLI implementations just care about vulnerability
issues from hand crafted archives or archives that have been created in a
problematic way by accident; the current Sun implementations of the same
programs ignore this problem.

> Since star cannot replace tar, cpio, or pax without changing
> the default behavior of star and the meaning of the -/ option as it has
> been defined by star for the last 13 years, I see no reason why -% and
> -/ cannot behave as described in these four PSARC cases without causing
> any incompatibilities to the existing star nor to possible future star
> enhancements described in PSARC/2004/480.

This is of course incorrect. Please inform yourself about the star project before
trying to judge. The options -/ and -.. are _needed_ in star's CLI emulations
for the Sun programs in case that someone needs to switch off the "security
by default" behavior. If Sun did introduce the incompatible meaning of -/,
either integration of star based implementations would be boycotted or these
programs would need to become unstable just from the will of the Sun PSARC
committee.

Going OpenSource with Solaris and trying to benefit from other OpenSource
Software cannot be seen for serious in case that Sun claims that interface
stability is important but at the same time ignores interface stability.

If you like to retain interface stability, you need to follow the following
rules:

- Interfaces need to be defined in a way that allows them to be stable
  for a long time. This is true for star.

- If there are possible conflicts with newer programs (like the current
  Sun implementations for tar/cpio/pax) the only way to retain interface
  stability is to use the "first come first serve" rule.

  The Option -/ has already been in use by star for a long time
  _and_ you have been warned about the problem _before_ you started
  to introduce incompatibility.

  If you introduce -/ for Sun's tar/cpio/pax, you try to prevent other
  software (with older rights) from retaining CLI long term stability.

Now, please do your homework....

Jörg

--
EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js at cs.tu-berlin.de (uni)
schilling at fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
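
Added example, not part of the original message and not star's own code: a Python dry run of the extraction default the message describes, where leading slashes are stripped from member names unless -/ is given. The parameter names keep_slash and allow_dotdot, the sample member names, and the treatment of -.. as "skip names with a '..' component unless the option is given" are assumptions; the message names -.. but does not define it.

```python
import io
import tarfile

# Constructed member names: one benign, one absolute, one climbing with "..".
SAMPLE_NAMES = ["docs/readme.txt", "/etc/passwd", "docs/../../etc/shadow"]


def build_sample_archive(names=SAMPLE_NAMES):
    """Build an in-memory tar whose member names are stored exactly as given."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)  # addfile() does not rewrite the name
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def plan_extraction(archive_bytes, keep_slash=False, allow_dotdot=False):
    """Return (targets, skipped) without writing anything to disk.

    keep_slash and allow_dotdot are hypothetical stand-ins for -/ and -..
    """
    targets, skipped = [], []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for member in tar.getmembers():
            name = member.name
            if not allow_dotdot and ".." in name.split("/"):
                skipped.append(name)  # assumed default: refuse ".." components
                continue
            if not keep_slash:
                name = name.lstrip("/")  # default: make the path relative
            if not name:
                skipped.append(member.name)  # nothing left after stripping
                continue
            targets.append(name)
    return targets, skipped


if __name__ == "__main__":
    archive = build_sample_archive()
    print("default:", plan_extraction(archive))
    print("with -/:", plan_extraction(archive, keep_slash=True))
```

Run against an untrusted archive before unpacking it with privileges, the default call shows which members would land outside the current directory if the extractor honoured absolute names.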