Re: [Full-disclosure] tar alternative

---

• From: Aaron Gray <angray@xxxxxxxx>
• Date: Fri, 15 Sep 2006 23:55:15 +0100

---

Tim wrote:

Don't. Untar. Archives. As. Root.

It's that simple.

Or are you also going to complain about the fact that there are tar
versions out there that don't strip a leading / from the archive?
Much fun can be had when you carelessly extract as root, then.

Hello,

Sorry to change the subject slightly here on this thread, but I was
wondering about this before the topic came up.

Given the problems with using the tar format for file distribution, are
there any other simple, non-compressed file-grouping formats out there
that weren't originally designed for backups (e.g. don't contain
usernames, permissions, etc)? Something that can be a drop-in
replacement for tar and thus can integrate with gzip/bzip2 easily?
(Don't even say .zip)

There's probably one out there I'm completely naive about, but I haven't
seen one yet that would be a safer alternative.

cpio ?

It does the job of both tar and gzip. Try an :-

info cpio

As for the Linux Kernel archives, I do not really think there is enough justification for a change in distribution format.

Most kernel coders either use non root account for untar'ing and making the kernel and do a 'sudo make install' anyway.

My 0.02cents worth,

Aaron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• Follow-Ups:
  • Re: [Full-disclosure] tar alternative
    • From: Tim

• References:
  • [Full-disclosure] Linux kernel source archive vulnerable
    • From: Hadmut Danisch
  • [Full-disclosure] Re: Linux kernel source archive vulnerable
    • From: Gerald (Jerry) Carter
  • [Full-disclosure] Re: Linux kernel source archive vulnerable
    • From: Hadmut Danisch
  • [Full-disclosure] Re: Linux kernel source archive vulnerable
    • From: Gerald (Jerry) Carter
  • [Full-disclosure] Re: Linux kernel source archive vulnerable
    • From: Hadmut Danisch
  • Re: [Full-disclosure] Re: Linux kernel source archive vulnerable
    • From: Jurjen Oskam
  • [Full-disclosure] tar alternative
    • From: Tim

• Prev by Date: [Full-disclosure] AttackAPI (0.7)
• Next by Date: [Full-disclosure] Info about HTA file [spam or malware ?]
• Previous by thread: Re: [Full-disclosure] Re: tar alternative
• Next by thread: Re: [Full-disclosure] tar alternative
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: cvs commit: src/usr.bin/tar Makefile bsdtar.1 bsdtar.c bsdtar.h bsdtar_platform.h matching.c rea ... the last official spec for tar. ... extensions even when not absolutely required. ... format won't use SUSv3 extensions just to store atime/ctime ... and some cpio archives. ... (freebsd-current) Re: tar vs ... As a refugee from DOS/Windos/OS/2 etc etc.....I have a question. ... What is Linuxs "obsession" with tar? ... *ar*chive) is a type of archive bitstream or file format. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: malformed man pages [SOLVED] ... Dan Nelson wrote: ... Eg. man tar shows as follows: ... 1mtar 22m-- format of tape archive files ... (freebsd-questions) Re: Compression recommendation for Windows ... tar is industrial strength, but for your task zip should work too. ... larger selection of compressors and decompressors available. ... this does not change that it is not technically an open format however. ... allow compression of the central directory (however, ... (comp.compression) Re: S: Alternative zu star ... warum sollte man wohl ein _kompliziertes_ Format wie ZIP ... verwenden wenn es ein einfaches Format wir TAR auch tun würde? ... einfache Format "TAR" doch nicht so einfach ist, ... (de.comp.os.unix.linux.misc)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Full-Disclosure  > 2006-09