Bug#774445: bsdtar: can't add files with //multiple/leading/slashes

[Jakub Wilk]

* Jakub Wilk , 2015-01-02, 22:07:
I wanted to create a tar archive with a path that had multiple leading 
slashes[0]. But this doesn't seem to be possible with bsdtar:


$ bsdtar -Pcf test.tar //bin/true && tar -Ptf test.tar
/bin/true


I no longer use bsdtar, so feel free to close this bug.

--
Jakub Wilk

Bug#774445: bsdtar: can't add files with //multiple/leading/slashes

[Jakub Wilk]

Hi Peter!

Thanks for forwarding the bug.

* Peter Pentchev , 2016-07-09, 02:29:
in the worst case we may decide to carry this as a Debian-specific 
patch for the benefit of compatibility with GNU tar, but, to be honest, 
I see a couple of potential drawbacks with this approach, too; some 
might even mumble something about "gratuitous differences in behavior"


Yeah, let's not go this way.

--
Jakub Wilk

Bug#774445: bsdtar: can't add files with //multiple/leading/slashes

[Peter Pentchev]

control: tag -1 + confirmed upstream
control: forward -1 https://github.com/libarchive/libarchive/issues/740

Hi,

Thanks for taking a look at libarchive and bsdtar for your tests!

Well, I do understand your case, and I forwarded it to the upstream
GitHub issue tracker.  However, the fact remains that this behavior:

- has been with libarchive since pretty much the very beginning, or
  at least the moment when it was broken out of FreeBSD as a standalone
  project, and

- there are arguments in favor of the current behavior: in the common
  case multiple slashes are, at best, useless, and, at worst, harmful
  on, say, Windows with its //hostname/path network share syntax

So let's see what the upstream authors say; in the worst case we may
decide to carry this as a Debian-specific patch for the benefit of
compatibility with GNU tar, but, to be honest, I see a couple of
potential drawbacks with this approach, too; some might even mumble
something about "gratuitous differences in behavior" and "POLA
violations" when writing portable scripts using bsdtar :)

Still, thanks for reporting this and for doing the path traversal
tests at all!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@freebsd.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Bug#774445: bsdtar: can't add files with //multiple/leading/slashes

[Jakub Wilk]

Package: bsdtar
Version: 3.1.2-10
Severity: minor

I wanted to create a tar archive with a path that had multiple leading 
slashes[0]. But this doesn't seem to be possible with bsdtar:


$ bsdtar -Pcf test.tar //bin/true  tar -Ptf test.tar
/bin/true

For comparison, GNU tar is happy to create such an archive:

$ tar -Pcf test.tar //bin/true  tar -Ptf test.tar
//bin/true


[0] In case you wonder why would anyone want to do that:
I'm trying to craft archives for testing various archive extraction 
software against directory traversal:

https://bitbucket.org/jwilk/path-traversal-samples


-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages bsdtar depends on:
ii  libacl1   2.2.52-2
ii  libarchive13  3.1.2-10
ii  libattr1  1:2.4.47-2
ii  libbz2-1.01.0.6-7+b2
ii  libc6 2.19-13
ii  liblzma5  5.1.1alpha+20120614-2+b3
ii  liblzo2-2 2.08-1.2
ii  libnettle42.7.1-4
ii  libxml2   2.9.2+dfsg1-1+b1
ii  zlib1g1:1.2.8.dfsg-2+b1

--
Jakub Wilk


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org