bug-tar
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-tar] Anti-tarbomb feature --new-dir


From: Martin von Gagern
Subject: [Bug-tar] Anti-tarbomb feature --new-dir
Date: Mon, 18 Jul 2011 11:40:59 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20110707 Thunderbird/5.0

Hi!

I find myself often doing things like "tar tf" followed by "tar xf",
where the tf is only to ensure that the tar does contain a single
subdirectory. Computers could do this check much more quickly, so I'd
like to request an option for it.

I suggest a long name like "--new-dir", and whatever short name you
might find suitable for it, perhaps "-N" or "-B".

The option would ensure that the tarball
1. does create a single new directory
2. places all files inside that directory

I understand that tar operates on a stream and it would be infeasible to
inspect the whole archive before writing the files. So in more detail,
the operation should probably work like this (pseudocode):

dirName = NULL;
for (all entries) {
  if (entry describes ".") // can this ever happen?
    continue;
  if (entry starts in "/" or uses "../" references)
    die("tarbomb: bad path %s", entry path)
  firstDir = first arc of entry path;
  if (file directly inside base directory)
    die ("tarbomb: file not inside any dir");
  if (dirName == NULL) {
    dirName = firstDir;
    if (directory dirName exists)
      die ("tarbomb: directory %s already exists", dirName);
    create directory dirName;
  }
  else if (dirName != firstDir) {
    recursively delete directory dirName;
    die ("tarbomb: creates multiple directories");
  }
  unpack entry as usual;
}
if (dirName != NULL and --print-new-dir specified)
  printf ("%s\n", dirName);

This would use the first entry as a specification of the directory to
create. Any later violation of the expected behaviour would cause tar to
clean up before exiting with an error message.

I also think printing the name of the newly created directory might be
useful under some circumstances, so I added an option for that as well.

What do you think? Has this been discussed before? Do you want a patch
for this? I'd be happy to write one, but employer disclaimer might be a
problem.

Please reply also by personal mail, as I don't follow this list.

Greetings,
 Martin von Gagern

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]