developer.intra2net.com Git - python-delta-tar/commit

author	Philipp Gesang <philipp.gesang@intra2net.com>
	Mon, 7 Nov 2016 09:00:32 +0000 (10:00 +0100)
committer	Thomas Jarosch <thomas.jarosch@intra2net.com>
	Mon, 2 Apr 2018 09:56:01 +0000 (11:56 +0200)
commit	9b13f5c4b8adaf0913cd8664858b24879d36a40e
tree	60edd5d7fc0159c1f553dfdb2a875a3133c5d44c	tree \| snapshot (zip tar.gz)
parent	43ce978b75b788049422850acf72a1e9b75921d0	commit \| diff

ignore all symlinks

Don’t delay the creation of symlinks but suppress it entirely.

The rationale is that extraction with deltatar will only ever
operate on inputs whose symlinks are dereferenced upon archive
creation. Thus valid archives will not contain symlinks at all.

Also, it would appear that deltatar assumes paths of objects
inside a tarball are unique. If the tarball contains ultiple
objects with the same path, it will extract only the first one it
encounters and ignore the rest. This means that it would take at
least two successive backups to perform a symlink attack, the
first one planting the link and the second writing over the
location. This is prevented by the current mitigation strategy
(and by the --unlink option of other tar utilities).

deltatar/deltatar.py		diff \| blob \| blame \| history
deltatar/tarfile.py		diff \| blob \| blame \| history
testing/test_deltatar.py		diff \| blob \| blame \| history