[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against
|
From: |
Connor Behan |
|
Subject: |
Re: [Bug-tar] [PATCH] Intelligent subdirectory creation to guard against tarbombs |
|
Date: |
Wed, 07 Aug 2013 22:57:48 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130625 Thunderbird/17.0.7 |
On 07/08/13 08:13 PM, Paul Eggert wrote:
> I don't see why this option would help much.
> All it takes to corrupt is one file, right?
> And I can see weaknesses in the proposed implementation:
> when you rename the extracted file, you might rename
> a file that already existed.
Nothing gets overwritten when I try this, but there are probably dozens
of edge cases I haven't thought of. I am hoping that if I can gradually
fix things like this, the patch will become suitable for inclusion.
> Instead, how about extending the -C option to
> create the directory if it doesn't already exist
> (when extracting), and suggesting to people to use that?
> That'd be simpler and easier to document.
If I've understood this, "tar -C foo -xf foo.tar.gz" would not
accomplish the goal. Typing "-C foo" takes almost as much time as typing
"mkdir foo". More importantly, the user would have to already know that
"foo.tar.gz" is a tarbomb to avoid adding a pointless level of depth.
signature.asc
Description: OpenPGP digital signature