[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; ques

From: Matias Fonzo
Subject: Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility
Date: Sun, 3 Jun 2018 16:08:19 -0300

On Sun, 3 Jun 2018 02:00:53 +0200
Juan Francisco Cantero Hurtado <address@hidden> wrote:

> On 02/06/18 20:04, Antonio Diaz Diaz wrote:
> > Juan Francisco Cantero Hurtado wrote:  
> >>> I think I have found an unexpected difficulty. It seems that the
> >>> pax format has a serious flaw not present in the ustar format. The
> >>> extended records in the pax extended header are not protected by
> >>> any checksum in spite of containing critical metadata (file size,
> >>> filename, file time,...). This may lead to several kinds of
> >>> undetected corruption.  
> >>
> >> You can use a comment entry for the checksum of the headers or
> >> whatever you want. Other tar tools will ignore the entry.  
> > 
> > Exactly, *other tar tools will ignore the entry*, leading to a 
> > fragmented format[1] where, depending on how the file was created
> > and on what unarchiver is used, the integrity check will be
> > sometimes performed and sometimes not.
> > 
> > [1] http://www.nongnu.org/lzip/xz_inadequate.html#fragmented  
> Your only options are to create a new format and forget the 
> compatibility "promise" with existing tools or just live with that 
> limitation of the posix format.

I think the enhancement or the fix could be proposed to the Austin
Group for the next update of POSIX.
> Anyway, IIUC, the tar headers are inside of the lzip member which
> checks the integrity of the content. The risk of corrupted headers is
> low.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]