bug-tar
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Aw: Re: I am so sad.

From: Marius Spix
Subject: Aw: Re: I am so sad.
Date: Thu, 20 Aug 2020 14:34:37 +0200
The f option is in fact very dangerous and , so you should always use:
 
tar czf - ./various_*/*.f90 *.f90 > src.tar.gz
 
This makes it even easier to apply other filters later, e. g.
 
tar cf - ./various_*/*.f90 *.f90 | gzip | tee backup.tar.gz | ssh remote.host "gzip -d | tar xf - -C /var/backup"
 
I also use this trick for other dangerous applications like:
pdfunite 1.pdf 2.pdf - > 3.pdf
montage 1.png 2.png - > 3.png
 
 
Gesendet: Donnerstag, 20. August 2020 um 12:35 Uhr
Von: "Joerg Schilling" <Joerg.Schilling@fokus.fraunhofer.de>
An: vince.eccles@gmail.com, bug-tar@gnu.org
Betreff: Re: I am so sad.
Vince Eccles <vince.eccles@gmail.com> wrote:

> Dear sirs,
>
> I worked all day on debugging some important coding in FORTRAN. It was tested and working. I decided it was time to tar up the new code and send it to a backup machine.
>
> I intended to type:
>
> tar -zcf src.tar.gz ./various_*/*.f90 *.f90
>
> which would have places all the fortran codes in a compressed tar file that I would transfer to a new machine.
>
> However, I typed:
>
> tar -zcf ./various_/*.f90 *.f90
>
> and the tar blasted all of my fortran files. I had a backup from two days ago, but the lost effort was horrific.

First, if this really destroys _all_ f90 files, then there would be a bad bug
in gtar. I expect only the first f90 file to be destroyed.

In general, this is a result of the way, the historical tar from 1977 did
implement command line parsing.

While gtar implements a method that claims to be compatible to that historical
way, it is still not 100 compatible to a real tar but o the other side continues
to have this CLI parsing problem.

star since > 35 years implements a new safe method that does not permit certain
use cases. If called as "star", this is definitely impossible. If called as
"tar", star still prevents your problem to happen, since it remembers that is
has been called with the dangerous historic CLI and thus requires the output
file to either not exist or to be of zero size.

There are several levels for the security in star:

tar cf archive ...

uses the official tar CLI and the related compatibility converter contains the
rule mentioned above.

tar -cf archive ...

is an undocumented CLI that "tar" does not need to support and for this reason,
the option parser in such a case does not permit to combine options in a single
argument unless they are boolean flags. 'f' does not match that category.

So there is a way to prevent similar problems when using the right software.

Jörg

--
EMail:joerg@schily.net (home) Jörg Schilling D-13353 Berlin
joerg.schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.org/private/ http://sf.net/projects/schilytools/files/'
 
reply via email to
[Prev in Thread] Current Thread [Next in Thread]