archive: honor tar.umask even for pax headers
git archive's tar format uses extended pax headers to encode metadata into the archive. Most tar implementations correctly treat these as metadata, but some that do not understand the pax format extract these as files instead. Apply the tar.umask setting to these entries to prevent tampering by other users. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
e6aaa39347
commit
10f343ea81
@ -192,7 +192,7 @@ static int write_extended_header(struct archiver_args *args,
|
||||
unsigned int mode;
|
||||
memset(&header, 0, sizeof(header));
|
||||
*header.typeflag = TYPEFLAG_EXT_HEADER;
|
||||
mode = 0100666;
|
||||
mode = 0100666 & ~tar_umask;
|
||||
sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1));
|
||||
prepare_header(args, &header, mode, size);
|
||||
write_blocked(&header, sizeof(header));
|
||||
@ -300,7 +300,7 @@ static int write_global_extended_header(struct archiver_args *args)
|
||||
strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40);
|
||||
memset(&header, 0, sizeof(header));
|
||||
*header.typeflag = TYPEFLAG_GLOBAL_HEADER;
|
||||
mode = 0100666;
|
||||
mode = 0100666 & ~tar_umask;
|
||||
strcpy(header.name, "pax_global_header");
|
||||
prepare_header(args, &header, mode, ext_header.len);
|
||||
write_blocked(&header, sizeof(header));
|
||||
|
@ -113,4 +113,9 @@ test_expect_success 'archive empty subtree by direct pathspec' '
|
||||
check_dir extract sub
|
||||
'
|
||||
|
||||
test_expect_success 'archive applies umask even for pax headers' '
|
||||
git archive --format=tar HEAD >archive.tar &&
|
||||
! grep 0666 archive.tar
|
||||
'
|
||||
|
||||
test_done
|
||||
|
Loading…
Reference in New Issue
Block a user