tar: --dereference consistency
This closes another race condition, that occurs when overwriting a symlink with a regular file. * NEWS (--dereference consistency): New section. * doc/tar.texi (Option Summary): Describe new --deference behavior. (dereference): Likewise. Remove discussion that I didn't follow, even before --dereference was changed. * src/common.h (deref_stat, set_file_atime): Adjust signatures. * src/compare.c (diff_file, diff_multivol): Respect open_read_flags instead of rolling our own flags. This implements the new behavior for --dereference. (diff_file, diff_dumpdir): Likewise, for fstatat_flags. * src/create.c: Adjust to set_file_atime signature change. * src/extract.c (mark_after_links, file_newer_p, extract_dir): Likewise. * src/incremen.c (try_purge_directory): Likewise. * src/misc.c (maybe_backup_file): Likewise. * src/extract.c (file_newer_p): New arg STP. All callers changed. (maybe_recoverable): New arg REGULAR. All callers changed. Handle the case of overwriting a symlink with a regular file, when --overwrite is specified but --dereference is not. (open_output_file): Add O_CLOEXEC, O_NOCTTY, O_NONBLOCK for consistency with file creation. Add O_NOFOLLOW if overwriting_old_files && ! dereference_option. * src/incremen.c (update_parent_directory): Use fstat, not fstatat; there's less to go wrong. * src/misc.c (deref_stat): Remove DEREF arg. All callers changed. Instead, use fstatat_flags. (set_file_atime): Remove ATFLAG arg. All callers changed. Instead, use fstatat_flags. * src/names.c, src/update.c: Adjust to deref_stat signature change. * src/tar.c (get_date_or_file): Use stat, not deref_stat, as this is not a file to be archived. * tests/Makefile.am (TESTSUITE_AT): Add extrac13.at. * tests/extrac13.at: New file. * tests/testsuite.at: Include it.
This commit is contained in:
Paul Eggert
41
doc/tar.texi
41
doc/tar.texi
@@ -2559,9 +2559,9 @@ directories until the end of extraction. @xref{Directory Modification Times and
|
||||
@item --dereference
|
||||
@itemx -h
|
||||
|
||||
When creating a @command{tar} archive, @command{tar} will archive the
|
||||
file that a symbolic link points to, rather than archiving the
|
||||
symlink. @xref{dereference}.
|
||||
When reading or writing a file to be archived, @command{tar} accesses
|
||||
the file that a symbolic link points to, rather than the symlink
|
||||
itself. @xref{dereference}.
|
||||
|
||||
@opsummary{directory}
|
||||
@item --directory=@var{dir}
|
||||
@@ -9319,30 +9319,25 @@ than System V's.
|
||||
Normally, when @command{tar} archives a symbolic link, it writes a
|
||||
block to the archive naming the target of the link. In that way, the
|
||||
@command{tar} archive is a faithful record of the file system contents.
|
||||
@option{--dereference} (@option{-h}) is used with @option{--create} (@option{-c}), and causes
|
||||
@command{tar} to archive the files symbolic links point to, instead of
|
||||
the links themselves. When this option is used, when @command{tar}
|
||||
encounters a symbolic link, it will archive the linked-to file,
|
||||
instead of simply recording the presence of a symbolic link.
|
||||
When @option{--dereference} (@option{-h}) is used with
|
||||
@option{--create} (@option{-c}), @command{tar} archives the files
|
||||
symbolic links point to, instead of
|
||||
the links themselves.
|
||||
|
||||
The name under which the file is stored in the file system is not
|
||||
recorded in the archive. To record both the symbolic link name and
|
||||
the file name in the system, archive the file under both names. If
|
||||
all links were recorded automatically by @command{tar}, an extracted file
|
||||
might be linked to a file name that no longer exists in the file
|
||||
system.
|
||||
|
||||
If a linked-to file is encountered again by @command{tar} while creating
|
||||
the same archive, an entire second copy of it will be stored. (This
|
||||
@emph{might} be considered a bug.)
|
||||
|
||||
So, for portable archives, do not archive symbolic links as such,
|
||||
and use @option{--dereference} (@option{-h}): many systems do not support
|
||||
When creating portable archives, use @option{--dereference}
|
||||
(@option{-h}): some systems do not support
|
||||
symbolic links, and moreover, your distribution might be unusable if
|
||||
it contains unresolved symbolic links.
|
||||
|
||||
The @option{--dereference} option is not secure if an untrusted user
|
||||
can modify files during creation or extraction. @xref{Security}.
|
||||
When reading from an archive, the @option{--dereference} (@option{-h})
|
||||
option causes @command{tar} to follow an already-existing symbolic
|
||||
link when @command{tar} writes or reads a file named in the archive.
|
||||
Ordinarily, @command{tar} does not follow such a link, though it may
|
||||
remove the link before writing a new file. @xref{Dealing with Old
|
||||
Files}.
|
||||
|
||||
The @option{--dereference} option is unsafe if an untrusted user can
|
||||
modify directories while @command{tar} is running. @xref{Security}.
|
||||
|
||||
@node hard links
|
||||
@subsection Hard Links
|
||||
|
||||
Reference in New Issue
Block a user