"tar t" and aesthetics -- the fundamental problem

Natanael Copa natanael.copa at gmail.com
Wed Apr 19 21:31:29 UTC 2006


On Wed, 19 Apr 2006 17:17:38 -0400
Rob Landley <rob at landley.net> wrote:
> > the trailing '/' are added (or should be?) in the archive for all
> > directories for backwards compatibility.
> 
> I believe there's code in there that strips that out.  Presumably, it
> shouldn't do that for the display, just for the file processing.

Yep. That's what rday and I were discussing. bsd tar removes it right before processing it (mkdir) and adds it back again.

I would like to find out if we need to remove it at all for the processing. So far it looks like we don't need to, which means we can just cut a few lines (the ones doing the stripping) and things should work. This needs some more investigation and testing though.

> > Desired feature would be to add some security checks like not accepting
> > .. as pathnames.
> 
> Hmmm...  We have cleanup code that can resolve those (libbb/simplify_path.c),

Good to know, thanks.

> but it sounds like from a security perspective what we want is to _remove_
> any path component that's ".."...

Exactly, but it will increase the size. I think it's worth it.
 
> > Expected behavior would also be --exclude= be somewhat more compatible
> > with bsd and gnu tar.
> 
> Agreed.
> 
> > The gnu tar sources are mentioning UNIX98 tar, but I could not find
> > anything more about it (except that there is a book for sale...)
> 
> I finally registered to read the darn Unix 98 official susv3, and it IS the
> open group base specifications version 6.  (Not only is it identical, but it
> says so right at the top of the page.)
> 
> Anyway, the page you want is here:
> http://www.opengroup.org/onlinepubs/000095399/idx/utilities.html

I found that one yes.

> That doesn't have tar,

I was looking for tar.

> but it does have pax:
> http://www.opengroup.org/onlinepubs/000095399/utilities/pax.html

Ah.. I thought pax was PaX. http://pax.grsecurity.net/ That explains things.
Need to read and find the relation to tar.

Thanks.

> Rob

Nat (the only one?)
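
The check discussed in this message (removing every ".." component from a member name instead of resolving it, while keeping the trailing '/' on directory entries), as an added example that is not part of the original message or of busybox. The function name `strip_dotdot` and the sample member names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a busybox function. Copies an archive member
 * name into out, dropping leading '/', empty and "." components, and every
 * ".." component, so the result can only name a path below the extraction
 * directory. A trailing '/' on a directory entry is kept.
 * Returns the number of ".." components removed, or -1 if out is too small. */
int strip_dotdot(const char *name, char *out, size_t outsz)
{
    size_t len = 0;
    int dropped = 0;

    if (outsz == 0)
        return -1;
    while (*name) {
        size_t n = strcspn(name, "/");      /* length of this component */
        int slash = (name[n] == '/');       /* component ends in '/'? */

        if (n == 2 && name[0] == '.' && name[1] == '.') {
            dropped++;                      /* removed, not resolved */
        } else if (n > 0 && !(n == 1 && name[0] == '.')) {
            if (len + n + slash + 1 > outsz)
                return -1;
            memcpy(out + len, name, n);
            len += n;
            if (slash)
                out[len++] = '/';
        }
        name += n + slash;
    }
    out[len] = '\0';
    return dropped;
}

int main(void)
{
    /* Constructed member names, not taken from a real archive. */
    const char *names[] = { "dir/sub/", "a/../../etc/passwd", "/etc/shadow",
                            "..foo/bar", "../" };
    char buf[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int r = strip_dotdot(names[i], buf, sizeof buf);
        printf("%-20s -> \"%s\" (%d removed)\n", names[i], buf, r);
    }
    return 0;
}
```

An empty result (as for "../") means the entry has no usable name left and should be skipped. This covers ".." in member names only; symlink entries in the archive need their own check.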


