On 06/29/2017 02:11 PM, Vít Šesták wrote:
I feel this to be controversial. It is right as long as you implement it
carefully (How would you handle the separator being present in the content of
the file? How would you sanitize the filenames? And so on…) AND you don't
exceed the complexity of tar format.
Regards,
Vít Šesták 'v6ak'
A lot is implied once you're parsing on the receiving end. Can't be
avoided. Have to decide whether that "a lot" is better than tar's level
of complexity.
But I think its manageable; qvm-copy isn't too complex after all. I
think it passes the file size along with filename. That will nail-down
the separator issue, for example. Being aware of file syntax (special
purpose application) can help.
At the end of the day, maybe its better to trust tar, or not consider
dest VM security important, or re-use qvm-copy code for a utility that
works in a dom0-initiated mode.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ba72fb7c-8a10-7fb8-21b4-fc5d3815ae74%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
