Extract tarballs in Ubuntu:14.04 #435

PrajwalM2212 · 2019-08-30T19:32:25Z

Some tarballs cannot be extracted without running as root. Hence tar will be extracted by running the root command

Resolves #433

Signed-off-by: Prajwal M [email protected]

nishakm · 2019-08-30T20:55:22Z

tern/utils/rootfs.py

-    with tarfile.open(layer_tar_path) as tar:
-        tar.extractall(directory_path)
+    os.makedirs(directory_path)
+    root_command(extract_tar, layer_tar_path, '-C', directory_path)



Good catch! The trouble with shelling out to the system's tar utility is that it won't check for empty tarballs as we have seen in #430. I wonder if we can use tarfile to see if the tarball is empty or not before shelling out to it. If you can do this, I can close #226 as this change will resolve that one as well.

Yes. I will check for empty tarballs.

@nishakm tarfile module is not helping. tar -tf helps. But there are some security warnings associated with this. Any clue how to resolve them ?

If they can't be resolved then we may have to find another way to validate tar files.

@PrajwalM2212 do you get any warnings when running tar -tf on an ubuntu image? I don't see any.

nishakm · 2019-08-30T21:00:38Z

@PrajwalM2212 on line 61

else:
        return result

Can you remove the else: and just return result?

Some tarballs cannot be extracted without running as root. Hence tar will be extracted by running the root command Resolves tern-tools#433 Signed-off-by: Prajwal M <[email protected]>

nishakm · 2019-09-03T16:33:32Z

tern/utils/rootfs.py

-        tar.extractall(directory_path)
+    os.makedirs(directory_path)
+    with open(os.devnull, 'w') as test:
+        result = subprocess.call(['tar', '-tf', layer_tar_path],


Oh! This is what you meant by security warning. You can use root_command here as well and check to see if there is an error or if the result is an empty string.

root_command will take care of the pipe redirection for you and will return the result and an error message.

nishakm · 2019-09-04T23:35:10Z

Closing this as the commit is in the PR #440

PrajwalM2212 force-pushed the tar branch 2 times, most recently from 4cfe345 to f183a18 Compare August 30, 2019 19:35

nishakm reviewed Aug 30, 2019

View reviewed changes

nishakm mentioned this pull request Aug 30, 2019

Usage of tarfile.extractall() function without validating tarfile members #226

Closed

PrajwalM2212 force-pushed the tar branch 3 times, most recently from c2a2143 to 44e9015 Compare August 31, 2019 11:58

Extract tarballs in Ubuntu:14.04

551ec3c

Some tarballs cannot be extracted without running as root. Hence tar will be extracted by running the root command Resolves tern-tools#433 Signed-off-by: Prajwal M <[email protected]>

PrajwalM2212 force-pushed the tar branch from 44e9015 to 551ec3c Compare August 31, 2019 12:00

nishakm reviewed Sep 3, 2019

View reviewed changes

nishakm mentioned this pull request Sep 4, 2019

merge: Untar tarballs containing files with root permissions #440

Merged

nishakm closed this Sep 4, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extract tarballs in Ubuntu:14.04 #435

Extract tarballs in Ubuntu:14.04 #435

PrajwalM2212 commented Aug 30, 2019

nishakm Aug 30, 2019

PrajwalM2212 Aug 30, 2019

PrajwalM2212 Aug 31, 2019

nishakm Sep 3, 2019

nishakm commented Aug 30, 2019

nishakm Sep 3, 2019 •

edited

Loading

nishakm Sep 3, 2019

nishakm commented Sep 4, 2019

Extract tarballs in Ubuntu:14.04 #435

Extract tarballs in Ubuntu:14.04 #435

Conversation

PrajwalM2212 commented Aug 30, 2019

nishakm Aug 30, 2019

Choose a reason for hiding this comment

PrajwalM2212 Aug 30, 2019

Choose a reason for hiding this comment

PrajwalM2212 Aug 31, 2019

Choose a reason for hiding this comment

nishakm Sep 3, 2019

Choose a reason for hiding this comment

nishakm commented Aug 30, 2019

nishakm Sep 3, 2019 • edited Loading

Choose a reason for hiding this comment

nishakm Sep 3, 2019

Choose a reason for hiding this comment

nishakm commented Sep 4, 2019

nishakm Sep 3, 2019 •

edited

Loading