[ILUG] tar question (leading-`/' and with-`..' files)

[Brian Foster]

  | Date: Fri, 02 Sep 2005 18:39:07 +0000
  | From: conor at discuskeeping.com
  | 
  |  >>  tar -xvf /dev/st1
  |  >> He gets an error (not sure if this is exact)
  |  >>  tar:../internal.data member name contains ..
  | Actually, I think the issue is more that tar does
  | not like the ../directory

 absolutely!  I thought this was well-known?
 backing up files using paths starting with `/' or
 containing `..' elements can cause nasty surprises
 when the files are restored (and is especially
 dangerous if superuser (root) does the restore).
 the leading-`/' issue is so serious some (but not
 all!) `tar's refuse, by default, to create an
 archive containing such files.

 e.g., assuming this is GNU tar(1), then from the
 info(1) page:

   “`-P'
    `--absolute-names'
        Do not strip leading slashes from file names, and permit
        file names containing a `..' file name component.
     [ ... ]
        By default, GNU `tar' drops a leading `/' on input or output,
        and complains about file names containing a `..' component.
        This option turns off this behavior.
     [ ... ]
        File names containing `..' can cause problems when extracting,
        so `tar' normally warns you about such files when creating an
        archive, and rejects attempts to extracts such files.”

  | Try with the full path instead.

 won't help (assuming this is GNU `tar').

 instead, the first thing to do is beat this idiot
 about the head until you get a coherent explanation
 _WHY_ s\he has been ignoring the warning messages
 `tar' printed when the idiot made its backups:

     $ tar cvf /tmp/TAR.tar ../iRiver
     tar: Member names contain `..'
     [ ... ]
     $ 

 also insist on a coherent answer to _WHY_ the
 idiot obviously never bothered to *test* her\his
 ability to recover (restore) before it mattered.

 if the damn fool cannot explain why, leave it to
 stew in its own juices.

 if it can, then explain why `..' is a bad idea;
 and why ignoring (repeated!) warnings — at least
 one every backup — is also very stupid.

 then tell it how it should have made its backup.
 the answer is (very probably) NOT “use -P”!
 ( I will not suggest what a possible solution
  may be for this particular luser, as I don't
  know the answer to the first “why?”, above. )
 make it very clear you will not tell the idiot
 how to recover until it promises to make (and
 test) its future backups in a sensible manner.

 then tell it the answer (i.e., how to recover
 from the mess of its own creation (use -P with
 the existing defective backups)), perhaps by
 using `info' to point out the clearly documented
 behaviour (above):

    $ mkdir /tmp/stupid-idiots-backup
    $ cd    /tmp/stupid-idiots-backup
    $ tar xvf /tmp/TAR.tar
    ../iRiver/
    tar: ../iRiver/: Member name contains `..'
    [ ... ]
    $ echo $?
    2
    $ tar xvfP /tmp/TAR.tar
    ../iRiver/
    [ ... ]
    $ echo $?
    0
    $ 

 of course, before educating this fool, make certain
 the `tar' it is using behaves and documented/shown.

 the person making the backups had multiple opportunities
 to suspect/confirm there would be a problem, obviously
 ignored some of the warnings, and very probably did not
 even bother with other rudimentary precautions.  *sigh*

cheers!
	-blf-
-- 
Experienced (20+ yrs) kernel/software Eng: | Brian Foster   Montpellier,
 • Unix, embedded, &tc;  • Linux;  • doc;  | blf at utvinternet.ie   FRANCE
 • IDL, automated testing, process, &tc.   |  Stop E$$o (ExxonMobile)!
Résumé (CV) http://www.blf.utvinternet.ie  |     http://www.stopesso.com