lzip-bug
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; ques

From: Antonio Diaz Diaz
Subject: Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility
Date: Tue, 05 Jun 2018 00:03:36 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 
Hi Timothy,

Timothy Beryl Grahek wrote:

Antonio Diaz Diaz wrote: [...] Please, could you verify[1] that
extended records are not protected by any checksum. Thanks.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html


Yes, it does appear that the 'pax' Entended Header does not contain a
checksum.


Thanks. I won't use the pax format then.



All of this is quite concerning. Is there not another tar format that
doesn't suffer from these problems that doesn't have the limitations of
the 'ustar' format? What about the GNU format? Perhaps that format has
the same problem as this 'pax' extended format? It is tempting for me to
avoid all tar formats except for 'ustar' considering I am now no longer
sure that other tar formats besides 'ustar' keep track of data integrity.
As soon as I find the time I'll examine the gnu format. It offers unlimited file size and unlimited name size, the two most important features. 



All in all, I suppose it is unambiguous that the extended records in
'pax' cannot be used if we are concerned about preventing a fragmented
format from becoming commonplace. In other words, the tar 'pax' format
must be changed or abandoned in favor of a better tar format that
provides a checksum for extended records.


Certainly the pax format must be changed or abandoned.



Juan Francisco Cantero Hurtado wrote: [...] Anyway, IIUC, the tar
headers are inside of the lzip member which checks the integrity of
the content. The risk of corrupted headers is low.

This sounds good, except that by adopting a tar format, someone may be
interested in using Lzip to decompress the tar file without
simultaneously extracting the contents; if someone actually does this,
which is extremely likely, this will negate the data protection provided
by Lzip.
Agreed. Any tar format used by tarlz must be safe by itself. Remember that tarlz can also create uncompressed archives. 


Best regards,
Antonio.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]