[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; ques
|
From: |
Matias Fonzo |
|
Subject: |
Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility |
|
Date: |
Sun, 3 Jun 2018 16:08:19 -0300 |
On Sun, 3 Jun 2018 02:00:53 +0200
Juan Francisco Cantero Hurtado <address@hidden> wrote:
> On 02/06/18 20:04, Antonio Diaz Diaz wrote:
> > Juan Francisco Cantero Hurtado wrote:
> >>> I think I have found an unexpected difficulty. It seems that the
> >>> pax format has a serious flaw not present in the ustar format. The
> >>> extended records in the pax extended header are not protected by
> >>> any checksum in spite of containing critical metadata (file size,
> >>> filename, file time,...). This may lead to several kinds of
> >>> undetected corruption.
> >>
> >> You can use a comment entry for the checksum of the headers or
> >> whatever you want. Other tar tools will ignore the entry.
> >
> > Exactly, *other tar tools will ignore the entry*, leading to a
> > fragmented format[1] where, depending on how the file was created
> > and on what unarchiver is used, the integrity check will be
> > sometimes performed and sometimes not.
> >
> > [1] http://www.nongnu.org/lzip/xz_inadequate.html#fragmented
>
> Your only options are to create a new format and forget the
> compatibility "promise" with existing tools or just live with that
> limitation of the posix format.
I think the enhancement or the fix could be proposed to the Austin
Group for the next update of POSIX.
> Anyway, IIUC, the tar headers are inside of the lzip member which
> checks the integrity of the content. The risk of corrupted headers is
> low.
>
>
>