On Sun, 3 Jun 2018 02:00:53 +0200 Juan Francisco Cantero Hurtado <[email protected]> wrote:
> On 02/06/18 20:04, Antonio Diaz Diaz wrote: > > Juan Francisco Cantero Hurtado wrote: > >>> I think I have found an unexpected difficulty. It seems that the > >>> pax format has a serious flaw not present in the ustar format. The > >>> extended records in the pax extended header are not protected by > >>> any checksum in spite of containing critical metadata (file size, > >>> filename, file time,...). This may lead to several kinds of > >>> undetected corruption. > >> > >> You can use a comment entry for the checksum of the headers or > >> whatever you want. Other tar tools will ignore the entry. > > > > Exactly, *other tar tools will ignore the entry*, leading to a > > fragmented format[1] where, depending on how the file was created > > and on what unarchiver is used, the integrity check will be > > sometimes performed and sometimes not. > > > > [1] http://www.nongnu.org/lzip/xz_inadequate.html#fragmented > > Your only options are to create a new format and forget the > compatibility "promise" with existing tools or just live with that > limitation of the posix format. I think the enhancement or the fix could be proposed to the Austin Group for the next update of POSIX. > Anyway, IIUC, the tar headers are inside of the lzip member which > checks the integrity of the content. The risk of corrupted headers is > low. > > > _______________________________________________ Lzip-bug mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/lzip-bug
