Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-08 Thread Eric Blake
On 08/08/2013 08:28 AM, Paul Eggert wrote:
> On 08/08/2013 07:10 AM, Eric Blake wrote:
>> Except as a new option that requires no argument, it is easy to modify
>> the user's login scripts to set up an alias around tar, so that the
>> option is ALWAYS supplied in the user's given interactive environment,
>> where it does the right thing for both tarbombs and normal tar files
>> with all contents in a single directory.
> 
> I don't know, that sounds a bit intrusive.  Many tar files
> don't follow these new rules.  The tz database, for example.

That's the point of the proposal - it allows one to unpack the tz
database where all files are unpacked into a new directory rather than
polluting the current directory, without over-nesting other tarballs
that already unpack into a single directory, all by allowing the user to
set up an alias to tar that turns on the new option.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-08 Thread Paul Eggert
On 08/08/2013 07:10 AM, Eric Blake wrote:
> Except as a new option that requires no argument, it is easy to modify
> the user's login scripts to set up an alias around tar, so that the
> option is ALWAYS supplied in the user's given interactive environment,
> where it does the right thing for both tarbombs and normal tar files
> with all contents in a single directory.

I don't know, that sounds a bit intrusive.  Many tar files
don't follow these new rules.  The tz database, for example.



Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-08 Thread Eric Blake
On 08/08/2013 07:29 AM, Paul Eggert wrote:
> On 08/07/2013 10:57 PM, Connor Behan wrote:
>> If I've understood this, "tar -C foo -xf foo.tar.gz" would not
>> accomplish the goal. Typing "-C foo" takes almost as much time as typing
>> "mkdir foo". More importantly, the user would have to already know that
>> "foo.tar.gz" is a tarbomb to avoid adding a pointless level of depth.
> 
> That objection applies to the --intelligent-subdir option too, no?
> Users would have to know about the new option, and would have to use it.

Except as a new option that requires no argument, it is easy to modify
the user's login scripts to set up an alias around tar, so that the
option is ALWAYS supplied in the user's given interactive environment,
where it does the right thing for both tarbombs and normal tar files
with all contents in a single directory.

There is a difference between an option that you can always turn on, and
the use of -C foo where the spelling of 'foo' differs per tar file and
thus cannot be aliased in.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-08 Thread Paul Eggert
On 08/07/2013 10:57 PM, Connor Behan wrote:
> If I've understood this, "tar -C foo -xf foo.tar.gz" would not
> accomplish the goal. Typing "-C foo" takes almost as much time as typing
> "mkdir foo". More importantly, the user would have to already know that
> "foo.tar.gz" is a tarbomb to avoid adding a pointless level of depth.

That objection applies to the --intelligent-subdir option too, no?
Users would have to know about the new option, and would have to use it.




Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-07 Thread Connor Behan
On 07/08/13 08:13 PM, Paul Eggert wrote:
> I don't see why this option would help much.
> All it takes to corrupt is one file, right?
> And I can see weaknesses in the proposed implementation:
> when you rename the extracted file, you might rename
> a file that already existed.

Nothing gets overwritten when I try this, but there are probably dozens
of edge cases I haven't thought of. I am hoping that if I can gradually
fix things like this, the patch will become suitable for inclusion.

> Instead, how about extending the -C option to
> create the directory if it doesn't already exist
> (when extracting), and suggesting to people to use that?
> That'd be simpler and easier to document.

If I've understood this, "tar -C foo -xf foo.tar.gz" would not
accomplish the goal. Typing "-C foo" takes almost as much time as typing
"mkdir foo". More importantly, the user would have to already know that
"foo.tar.gz" is a tarbomb to avoid adding a pointless level of depth.





Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs

2013-08-07 Thread Paul Eggert
I don't see why this option would help much.
All it takes to corrupt is one file, right?
And I can see weaknesses in the proposed implementation:
when you rename the extracted file, you might rename
a file that already existed.

Instead, how about extending the -C option to
create the directory if it doesn't already exist
(when extracting), and suggesting to people to use that?
That'd be simpler and easier to document.
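
The decision rule debated in this thread (create a subdirectory only when the archive's members do not already share one top-level directory) can be approximated with stock tar by listing before extracting. The following is an added example, not part of any message above and not the proposed patch; the function names `is_tarbomb` and `extract_guarded`, and the choice to name the directory after the archive, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a wrapper around stock tar, not the patch under discussion.

# is_tarbomb ARCHIVE
# Succeeds (0) when the members have more than one distinct top-level name,
# fails (1) when they share a single one, returns 2 if the archive is unreadable.
is_tarbomb() {
    list=$(tar -tf "$1") || return 2
    # Drop a leading "./", keep only the first path component, count unique names.
    n=$(printf '%s\n' "$list" \
        | sed -e 's|^\./||' -e 's|/.*||' -e '/^$/d' \
        | sort -u | awk 'END { print NR }')
    [ "$n" -gt 1 ]
}

# extract_guarded ARCHIVE
# Extracts into the current directory, or into a freshly created directory
# when the archive is a tarbomb. Prints the directory that received the files.
extract_guarded() {
    archive=$1
    if is_tarbomb "$archive"; then
        # Assumed naming: archive name minus .tar, .tar.<ext> or .tgz.
        dir=$(basename "$archive" \
            | sed -e 's/\.tar\.[A-Za-z0-9]*$//' -e 's/\.tar$//' -e 's/\.tgz$//')
        # Plain mkdir (no -p) fails if the name already exists, so files are
        # never merged into, or renamed over, something already present.
        mkdir "$dir" || return 1
        tar -xf "$archive" -C "$dir" && printf '%s\n' "$dir"
    else
        tar -xf "$archive" && printf '%s\n' .
    fi
}
```

Because the archive is listed first and the directory is created before extraction, no rename step is needed afterwards, which sidesteps the existing-file concern raised about the renaming approach.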