|
| From: | Juan Francisco Cantero Hurtado |
| Subject: | Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility |
| Date: | Sun, 3 Jun 2018 02:00:53 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
On 02/06/18 20:04, Antonio Diaz Diaz wrote:
Juan Francisco Cantero Hurtado wrote:I think I have found an unexpected difficulty. It seems that the pax format has a serious flaw not present in the ustar format. The extended records in the pax extended header are not protected by any checksum in spite of containing critical metadata (file size, filename, file time,...). This may lead to several kinds of undetected corruption.You can use a comment entry for the checksum of the headers or whatever you want. Other tar tools will ignore the entry.Exactly, *other tar tools will ignore the entry*, leading to a fragmented format[1] where, depending on how the file was created and on what unarchiver is used, the integrity check will be sometimes performed and sometimes not.[1] http://www.nongnu.org/lzip/xz_inadequate.html#fragmented
Your only options are to create a new format and forget the compatibility "promise" with existing tools or just live with that limitation of the posix format.
Anyway, IIUC, the tar headers are inside of the lzip member which checks the integrity of the content. The risk of corrupted headers is low.
-- Juan Francisco Cantero Hurtado http://juanfra.info
| [Prev in Thread] | Current Thread | [Next in Thread] |