Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-08-2014, 04:57 PM
|
#1
|
Member
Registered: Apr 2012
Location: California
Posts: 422
Rep:
|
Is there a fancy script somewhere to prevent tar/zip bombs?
Things that explode into the cwd are almost never what I want, and I figure that someone has written this so I don't have to.
There's gotta be some script that operates at a layer above tar/unzip/etc that can extract things in a safe way. I feel like I've described half of Perl's Extract Module, but maybe someone's already written the other half?
|
|
|
04-08-2014, 05:22 PM
|
#2
|
Senior Member
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337
|
Not sure what a tar/zip bomb is. I assume a file that un-tar's everything into your current directory without first creating a subdirectory to contain things (that behavior is dependant on how the archive was created in the first place, not something within the tar command itself).
Do you mean like this?
Code:
mkdir target_dir; cd target_dir; tar xvzf ../the_bomb_file.tar.gz; cd ..
There is also a -C option to tar to change directory, which may be what you are wanting.
|
|
|
04-08-2014, 05:27 PM
|
#3
|
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
|
Here are some bash scripts that use Xdialog to help extract and compress files using p7zip, they always create a directory and extract into that directory to prevent messes.
Code:
#!/bin/sh
# use 7z and tar to extract arhives, and Xdialog for gui
newdir="$(echo "$@" | rev | cut -d. -f1 --complement | rev)"
error() # error
{
Xdialog --title "Error" --msgbox "$1" 0 0
exit 1
}
success() # directory
{
# make sure archive doesn't make a mess
name="$(ls -1A "$1")"
if test "$(echo "$name" | wc -l)" = 1
then
if test -e "$1/../$name"
then
if test "$name" = "$(basename "$1")"
then
if test ! -e "$1-$$"
then
mv "$1" "$1-$$" && mv "$1-$$/$name" "$1-$$/.." && rmdir "$1-$$"
fi
fi
else
mv "$1/$name" "$1/.." && rmdir "$1"
fi
fi
Xdialog --title "Success" --msgbox "Extraction successful" 5 30
exit 0
}
extract() # archive outputdir
{
# try to extract the archive first
if 7z x "-o$2" "$1"
then
success "$2"
else
# we reach here if archive is encrypted, or broken, or an incomplete part
pass=-p"$(Xdialog --stdout --password --title "Archive password" --inputbox "Enter archive password:" 8 30 | grep -o '\<.*\>')"
if test "$pass" != '-p'
then
# extract encrypted archive using password
if 7z x "-o$2" "-y" "$pass" "$1"
then
success "$2"
elif test "$(du -s "$2" | awk '{ print $1 }')" = 0
then
rm -rf "$2"
error "Bad password"
else
error "Broken archive"
fi
else
# clicking cancel and incomplete part archive lead here
if test "$(du -s "$2" | awk '{ print $1 }')" = 0
then
rm -rf "$2"
fi
exit 1
fi
fi
}
mkorfail() # directory
{
if ! mkdir "$1"
then
error "$1 exists"
fi
}
# handle tar archives first
if 7z l "$@" | grep 'Type = tar'
then
mkorfail "$newdir"
if tar -C "$newdir" -xf "$@"
then
success "$newdir"
else
error "Broken archive"
fi
fi
# handle lzip archives next
if test '0000000 114 132 111 120' = "$(od -N4 -b "$@" | head -n1)"
then
if echo "$newdir" | grep '\.tar$'
then
newdir="$(echo "$newdir" | sed 's|\.tar$||')"
fi
mkorfail "$newdir"
# assume it contains a tar
if plzip -cd "$@" | tar -C "$newdir" -xf -
then
success "$newdir"
else
# it may not contain a tar
if plzip -cd "$@" > "$newdir/$(basename "$newdir")"
then
success "$newdir"
else
# it is corrupt so try to fix it
if lziprecover -R "$@"
then
error "Broken archive has been fixed so check it"
else
error "Broken archive"
fi
fi
fi
fi
# handle all other archive types
if 7z l "$@" | tail -n 1 | grep '1 files, 0 folders'
then
if 7z l "$@" | tail -n 3 | head -n 1 | awk '{ print $NF }' | grep '\.tar$'
then
# it contains a tar, assume no password, check and fix newdir name
if echo "$newdir" | grep '\.tar$'
then
newdir="$(echo "$newdir" | sed 's|\.tar$||')"
fi
mkorfail "$newdir"
if 7z x -so "$@" | tar -C "$newdir" -xf -
then
success "$newdir"
elif test "$(du -s "$newdir" | awk '{ print $1 }')" = 0
then
extract "$@" "$newdir"
else
error "Broken archive"
fi
else
mkorfail "$newdir"
extract "$@" "$newdir"
fi
else
mkorfail "$newdir"
extract "$@" "$newdir"
fi
Code:
#!/bin/sh
# use 7z and tar to create arhives, and Xdialog for gui
success()
{
Xdialog --title "Success" --msgbox "Compression successful" 5 30
exit 0
}
error() # error
{
Xdialog --title "Error" --msgbox "$1" 0 0
exit 1
}
# file or directory
if test -f "$@"
then
format="$(Xdialog --stdout --title "Compress file" --menu "Choose compression:" 0 0 0 "lz" "lzip" "gz" "gzip" "bz2" "bzip2" "xz" "xz" "7z" "7zip (no pass)" "7z-pass" "7zip (with pass)" "zip" "zip (no pass)" "zip-pass" "zip (with pass)")"
elif test -d "$@"
then
format="$(Xdialog --stdout --title "Compress directory" --menu "Choose compression:" 0 0 0 "tlz" "tar.lzip" "tgz" "tar.gzip" "tbz" "tar.bzip2" "txz" "tar.xz" "7z" "7zip (no pass)" "7z-pass" "7zip (with pass)" "zip" "zip (no pass)" "zip-pass" "zip (with pass)")"
else
error "Cannot compress input"
fi
if test -e "$@.$format"
then
error "$@.$format exists"
else
case "$format" in
tlz)
if tar -C "$@/.." -cf - "$(basename "$@")" | plzip > "$@.$format"
then
success
else
error "Compression failed"
fi
;;
lz)
if plzip -k "$@"
then
success
else
error "Compression failed"
fi
;;
tgz|tbz|txz)
if tar -C "$@/.." -cf - "$(basename "$@")" | 7za a -si "$@.$format"
then
success
else
error "Compression failed"
fi
;;
7z-pass|zip-pass)
# extra test needed
if test -e "$@.$(echo $format | cut -d- -f1)"
then
error "$@.$(echo $format | cut -d- -f1) exists"
fi
# get password
pass=-p"$(Xdialog --stdout --password --title "Archive password" --inputbox "Enter archive password:" 8 30)"
if test "$pass" != '-p'
then
if 7z a "$pass" "$@.$(echo $format | cut -d- -f1)" "$@"
then
success
else
error "Compression failed"
fi
else
exit 1
fi
;;
*)
if 7z a "$@.$format" "$@"
then
success
else
error "Compression failed"
fi
;;
esac
fi
If you want you can remove lzip support which I added to it recently. p7zip doesn't support lzip so more code had to go into it. I think it is worth it for lzip's ability to recover from corruption.
There are other programs you can try:
http://freecode.com/projects/patool
http://freecode.com/projects/peazip
|
|
|
04-08-2014, 07:33 PM
|
#4
|
Senior Member
Registered: Feb 2003
Distribution: debian
Posts: 4,137
|
I tend to mkdir a temp directory and extract the archives while cd'd into the temp directory. The --directory for tar probably does the same thing, not that I've used that method to know for sure. There's options to list the contents of a tar / zip before you extract. And other ways to avoid explosions to the current working directory. The safe route is to assume that archives will ALWAYS expand to the cwd (current working directory).
|
|
|
04-09-2014, 11:54 AM
|
#6
|
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
|
For specifically crafted files you would want to check the extracted size and make sure it is reasonable before extracting. It's not common, so I'm not overly concerned. They are also likely to be stored as sparse files so they are unlikely to cause major problems.
Last edited by metaschima; 04-09-2014 at 11:55 AM.
|
|
|
04-09-2014, 02:29 PM
|
#7
|
LQ 5k Club
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,311
Rep:
|
Not a script, but this sounds as if it might be what you're looking for:
http://slackbuilds.org/repository/14.1/system/atool/
Last edited by brianL; 04-09-2014 at 02:32 PM.
|
|
1 members found this post helpful.
|
04-10-2014, 12:37 PM
|
#8
|
Member
Registered: Apr 2012
Location: California
Posts: 422
Original Poster
Rep:
|
Quote:
Originally Posted by brianL
|
That is golden! And indeed, it's written in perl.
Thanks a bunch guys.
|
|
|
All times are GMT -5. The time now is 02:41 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|