Re: [Lzip-bug] Tarlz 0.4: Use of 'ustar' format instead of 'posix'; question about future of Tarlz utility

Mon, 04 Jun 2018 15:04:31 -0700 

Hi Timothy,

Timothy Beryl Grahek wrote:

Antonio Diaz Diaz wrote: [...] Please, could you verify[1] that
extended records are not protected by any checksum. Thanks.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html


Yes, it does appear that the 'pax' Entended Header does not contain a
checksum.


Thanks. I won't use the pax format then.



All of this is quite concerning. Is there not another tar format that
doesn't suffer from these problems that doesn't have the limitations of
the 'ustar' format? What about the GNU format? Perhaps that format has
the same problem as this 'pax' extended format? It is tempting for me to
avoid all tar formats except for 'ustar' considering I am now no longer
sure that other tar formats besides 'ustar' keep track of data integrity.



As soon as I find the time I'll examine the gnu format. It offers 
unlimited file size and unlimited name size, the two most important 
features.




All in all, I suppose it is unambiguous that the extended records in
'pax' cannot be used if we are concerned about preventing a fragmented
format from becoming commonplace. In other words, the tar 'pax' format
must be changed or abandoned in favor of a better tar format that
provides a checksum for extended records.


Certainly the pax format must be changed or abandoned.



Juan Francisco Cantero Hurtado wrote: [...] Anyway, IIUC, the tar
headers are inside of the lzip member which checks the integrity of
the content. The risk of corrupted headers is low.

This sounds good, except that by adopting a tar format, someone may be
interested in using Lzip to decompress the tar file without
simultaneously extracting the contents; if someone actually does this,
which is extremely likely, this will negate the data protection provided
by Lzip.



Agreed. Any tar format used by tarlz must be safe by itself. Remember 
that tarlz can also create uncompressed archives.



Best regards,
Antonio.

_______________________________________________
Lzip-bug mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/lzip-bug























					Reply via email to