[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; ques

From: Juan Francisco Cantero Hurtado
Subject: Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility
Date: Sun, 3 Jun 2018 02:00:53 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 02/06/18 20:04, Antonio Diaz Diaz wrote:
Juan Francisco Cantero Hurtado wrote:
I think I have found an unexpected difficulty. It seems that the pax
format has a serious flaw not present in the ustar format. The
extended records in the pax extended header are not protected by any
checksum in spite of containing critical metadata (file size,
filename, file time,...). This may lead to several kinds of undetected

You can use a comment entry for the checksum of the headers or whatever
you want. Other tar tools will ignore the entry.

Exactly, *other tar tools will ignore the entry*, leading to a fragmented format[1] where, depending on how the file was created and on what unarchiver is used, the integrity check will be sometimes performed and sometimes not.

[1] http://www.nongnu.org/lzip/xz_inadequate.html#fragmented

Your only options are to create a new format and forget the compatibility "promise" with existing tools or just live with that limitation of the posix format.

Anyway, IIUC, the tar headers are inside of the lzip member which checks the integrity of the content. The risk of corrupted headers is low.

Juan Francisco Cantero Hurtado http://juanfra.info

reply via email to

[Prev in Thread] Current Thread [Next in Thread]