Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Tar extract behaviour changed



In article <19306.1571753157%jinx.noi.kre.to@localhost>,
Robert Elz  <kre%munnari.OZ.AU@localhost> wrote:
>    Date:        Tue, 22 Oct 2019 14:27:39 +0200
>    From:        Joerg Sonnenberger <joerg%bec.de@localhost>
>    Message-ID:  <20191022122739.GA86029%bec.de@localhost>
>
>  | Extraction of entries in streamable formats happens in isolation. The
>  | archiver has no knowledge about pre-existing symlinks or whether the
>  | archive itself just created the symlink. 
>
>It should be able to deduce something from the ctime of the symlink
>if it wanted - if that predates the start of the extraction, then the
>symlink was there in advance, if after, then (most probably) the archive
>contained the symlink.

That's a good idea :-)

>christos%astron.com@localhost said:
>  | because then we would have to normalize and check all symlinks in the
>  | archive (and do what? allow only the symlink pointing to an empty directory
>  | case?
>
>only allow symlinks pointing inside the tree being extracted most likely.

Well, one of the use cases is when we don't have enough disk space in the
same partition, so that will not work out.

>But in both cases, when the archive is untrusted, avoiding all of this
>is best, when it is trusted (particularly when the user created it themselves)
>things ought to be more flexible.

Right.

christos



Home | Main Index | Thread Index | Old Index