bug-tar

Re: I am so sad.


From: Joerg Schilling
Subject: Re: I am so sad.
Date: Thu, 20 Aug 2020 12:35:41 +0200
User-agent: Heirloom mailx 12.5 7/5/10

Vince Eccles <vince.eccles@gmail.com> wrote:

> Dear sirs,
>
> I worked all day on debugging some important coding in FORTRAN. It was tested 
> and working. I decided it was time to tar up the new code and send it to a 
> backup machine.
>
> I intended to type:
>
> tar -zcf src.tar.gz ./various_*/*.f90 *.f90
>
> which would have placed all the fortran codes in a compressed tar file that I 
> would transfer to a new machine.
>
> However, I typed:
>
> tar -zcf ./various_/*.f90 *.f90
>
> and the tar blasted all of my fortran files. I had a backup from two days 
> ago, but the lost effort was horrific.

First, if this really destroys _all_ f90 files, then there would be a bad bug 
in gtar. I expect only the first f90 file to be destroyed.

In general, this is a result of the way the historical tar from 1977 
implemented command line parsing.

While gtar implements a method that claims to be compatible with that historical 
way, it is still not 100% compatible with a real tar but on the other side 
continues to have this CLI parsing problem.

For more than 35 years, star has implemented a new safe method that does not 
permit certain use cases. If called as "star", this is definitely impossible. 
If called as "tar", star still prevents your problem from happening, since it 
remembers that it has been called with the dangerous historic CLI and thus 
requires the output file to either not exist or to be of zero size.

There are several levels for the security in star:

   tar cf archive ...

uses the official tar CLI and the related compatibility converter contains the
rule mentioned above.

   tar -cf archive ...

is an undocumented CLI that "tar" does not need to support and for this reason, 
the option parser in such a case does not permit combining options in a single 
argument unless they are boolean flags. 'f' does not match that category.

So there is a way to prevent similar problems when using the right software.

Jörg

-- 
 EMail:joerg@schily.net                    (home) Jörg Schilling D-13353 Berlin
    joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL: http://cdrecord.org/private/ http://sf.net/projects/schilytools/files/'
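
The rule described in the message above (the output file must either not exist or be of zero size), sketched as a POSIX shell wrapper around tar. This is an added example, not part of the original mail and not code from star or GNU tar; `archive_target`, `safe_tar` and the `TAR` variable are hypothetical names, and it assumes `f` is the last letter of the first argument, as in both commands quoted in the thread.

```shell
# Added example: refuse "tar ...cf ARCHIVE FILES..." when ARCHIVE already
# holds data. Assumption: the first argument is the option bundle and 'f'
# is its last letter, so the archive name is the second argument.

# Print the file a create-mode invocation would write to.
# Returns 1 when the call is not "create with f last" (nothing to guard).
archive_target() {
    bundle=${1#-}                # accept both "cf" and "-cf"
    case $bundle in
        -*)   return 1 ;;        # long option such as --create: not handled
        *c*f) ;;                 # contains 'c' and ends in 'f'
        *)    return 1 ;;
    esac
    [ $# -ge 2 ] || return 1
    printf '%s\n' "$2"
}

# Run tar only if the create target does not exist or is zero size.
safe_tar() {
    if target=$(archive_target "$@"); then
        # [ -s ] is true for an existing file with size > 0. In the mistyped
        # command the shell expands the glob first, so $2 is the first
        # matching source file and this check trips.
        if [ -s "$target" ]; then
            echo "safe_tar: refusing to overwrite non-empty file: $target" >&2
            return 2
        fi
    fi
    # TAR lets the caller pick the tar binary (hypothetical variable).
    ${TAR:-tar} "$@"
}
```

With this in place, `safe_tar -zcf ./various_/*.f90 *.f90` stops with status 2 before tar opens the first source file for writing.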


