archive: honor tar.umask even for pax headers

git archive's tar format uses extended pax headers to encode metadata
into the archive.  Most tar implementations correctly treat these as
metadata, but some that do not understand the pax format extract these
as files instead.  Apply the tar.umask setting to these entries to
prevent tampering by other users.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
brian m. carlson 2014-08-03 03:02:03 +00:00 committed by Junio C Hamano
parent e6aaa39347
commit 10f343ea81
2 changed files with 7 additions and 2 deletions

View File

@ -192,7 +192,7 @@ static int write_extended_header(struct archiver_args *args,
unsigned int mode; unsigned int mode;
memset(&header, 0, sizeof(header)); memset(&header, 0, sizeof(header));
*header.typeflag = TYPEFLAG_EXT_HEADER; *header.typeflag = TYPEFLAG_EXT_HEADER;
mode = 0100666; mode = 0100666 & ~tar_umask;
sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1)); sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1));
prepare_header(args, &header, mode, size); prepare_header(args, &header, mode, size);
write_blocked(&header, sizeof(header)); write_blocked(&header, sizeof(header));
@ -300,7 +300,7 @@ static int write_global_extended_header(struct archiver_args *args)
strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40); strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40);
memset(&header, 0, sizeof(header)); memset(&header, 0, sizeof(header));
*header.typeflag = TYPEFLAG_GLOBAL_HEADER; *header.typeflag = TYPEFLAG_GLOBAL_HEADER;
mode = 0100666; mode = 0100666 & ~tar_umask;
strcpy(header.name, "pax_global_header"); strcpy(header.name, "pax_global_header");
prepare_header(args, &header, mode, ext_header.len); prepare_header(args, &header, mode, ext_header.len);
write_blocked(&header, sizeof(header)); write_blocked(&header, sizeof(header));

View File

@ -113,4 +113,9 @@ test_expect_success 'archive empty subtree by direct pathspec' '
check_dir extract sub check_dir extract sub
' '
test_expect_success 'archive applies umask even for pax headers' '
git archive --format=tar HEAD >archive.tar &&
! grep 0666 archive.tar
'
test_done test_done