git.ipfire.org Git - thirdparty/libarchive.git/commit

author	zoulasc <christos@zoulas.com>
	Mon, 20 Jan 2020 12:20:42 +0000 (13:20 +0100)
committer	Martin Matuska <martin@matuska.org>
	Mon, 20 Jan 2020 14:31:07 +0000 (15:31 +0100)
commit	b51d6b621533b6ea7a0a9c4770cc23c2d62a88cf
tree	204b5972b4a5201ae678a38fd25b670c1f48a14c	tree
parent	06721c2ad050be144e4cc1719f197fbcfba438eb	commit \| diff

Introduce archive_write_disk(3) flag ARCHIVE_EXTRACT_SAFE_WRITES

This flag changes the way that regular files are extracted:

Instead of removing existing files first and re-creating them in
order to replace their contents, a temporary file is created and
when writing to the temporary file is completed, the file is
rename(2)d to the final destination name.

This has the effect of presenting a consistent view of the file to
the system (either the file with the new contents or the file with
the old contents). Removing and overwriting the file has the
undesired side effect that the the system can either not see the
file at all (from the time it is being removed till the time it is
being re-created), or worse it can see partial file contents. This
is problematic when extracting system files (for example shared
libraries).

If the existing file that is going to be overwritten is a hard link,
for now we unlink it before calling rename(2). This can be done
correctly by creating a hardlink to a tmpnam(3) generated file
and then use rename(2), but that is fairly intrusive and requires
refactoring.

Fixes #1289

libarchive/archive.h		diff \| blob \| blame \| history
libarchive/archive_private.h		diff \| blob \| blame \| history
libarchive/archive_util.c		diff \| blob \| blame \| history
libarchive/archive_write_disk.3		diff \| blob \| blame \| history
libarchive/archive_write_disk_posix.c		diff \| blob \| blame \| history
tar/bsdtar.1		diff \| blob \| blame \| history
tar/bsdtar.c		diff \| blob \| blame \| history
tar/bsdtar.h		diff \| blob \| blame \| history
tar/cmdline.c		diff \| blob \| blame \| history