Bug 149903

Summary: impossible to open symlink
Product: [Frameworks and Libraries] kio-extras Reporter: Philippe Cloutier <chealer>
Component: ArchiveAssignee: Plasma Bugs List <plasma-bugs>
Status: CONFIRMED ---    
Severity: normal CC: amantia, elvis.angelaccio, mail
Priority: NOR    
Version: 18.04.3   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Testcase
tar.cc.149903.diff

Description Philippe Cloutier 2007-09-16 07:19:35 UTC 
Version:            (using KDE KDE 3.5.7)
Installed from:    Debian testing/unstable Packages
OS:                Linux

Andreas Pakulat reported a bug with tar-s containing symlinks in Debian #380685.

When browsing a tar such as the one attached (tar:/home/chealer/test_kio_tar.tar), konqueror refuses to open/copy/etc. symlinks, complaining that (sorry for French)

Impossible d'ouvrir le fichier, certainement à cause de son format non géré.
tar:/bin/ls

Simultaneously the following is thrown:

KTar: WARNING: KTar: invalid TAR file. Header is: ,
kio (KIOConnection): ERROR: Header read failed, errno=104
kio (KIOConnection): ERROR: Header has invalid size (-1)

This points to a bug in KTar::readRawHeader or in the way it's called. Andreas first reported this against KDE 3.5.4.
Comment 1 Philippe Cloutier 2007-09-16 07:21:44 UTC 
Created attachment 21635 [details]
Testcase
Comment 2 David Faure 2007-09-19 23:56:51 UTC 
Should we really launch /bin/ls when clicking on that symlink? That would
seem like pretty dangerous behavior to me.... Hmm... OK, if I tar xf the tar file
then its ls symlink does point to /bin/ls indeed, not to bin/ls inside the tar file
like I first assumed.

Well I sort of fixed the bug, it now redirects to /bin/ls, but because konq listed it
as a non-executable file in the first place, it's trying to open it with another
application, and since there's no application associated with this type of file,
you get the open with dialog.... Not perfect for this use case, but it means
symlinks to local files that are not executables are fixed, at least.

Is there a real use case for this? Symlinks to executables inside tar files, and launching them from konqueror?
I'm curious -- and unsure about the security implications (what if I name a link "ls" but it in fact calls something
more dangerous... it's easier to click on it by mistake than when typing shell commands...).


Created an attachment (id=21660)
tar.cc.149903.diff
Comment 3 Andreas Pakulat 2007-09-20 00:18:11 UTC 
Well, the "use-case" I had was simply having kdevelop3 application templates with symlinks (not sure anymore why). And when the templates are built they are tar'red and the tar is installed. Then later when trying to create a project from the template that doesn't work because KTar can't unpack the symlinks that were tar'red during compilation. So I ended up with no kdevelop project. 

I don't use the symlinks anymore, but still I don't understand why KTar differs from normal tar in that it can't untar symlinks. I also don't quite understand what you said David, i.e. how it works now.
Comment 4 Philippe Cloutier 2007-09-20 01:50:40 UTC 
David, thanks for the work so far. I think what you done is sufficient or at least worth a try. I don't know the use case.

Nevertheless I'm wondering why KTar should behave differently than ark. KTar and ark already behave differently WRT directly included executables.
Comment 5 David Faure 2007-09-20 12:36:41 UTC 
Ah so the bug is about extracting, not about "running" the executable.
Extracting the symlink currently creates a copy of /bin/cp; this is another bug, I'll have to investigate it.
Comment 6 David Faure 2007-09-21 22:18:38 UTC 
SVN commit 715315 by dfaure:

Fix extraction of symlinks from tar/zip files when using copyTo() - at least at the KArchive level.
Unit tests in trunk.
CCBUG: 149903


 M  +25 -15    karchive.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=715315
Comment 7 David Faure 2007-09-21 22:59:30 UTC 
On Thursday 20 September 2007, David Faure wrote:
> Extracting the symlink currently creates a copy of /bin/cp; this is another bug, I'll have to investigate it.


Hmm. It's sort of a feature.
See old (closed) bug #5601 -- when copying a file over KIO, and the file is a remote symlink,
KIO resolves the symlink and copies the target file: this is because on FTP we 
want to download the real file, not the symlink.
However I can see how that is unexpected for tar:/...
This probably means that people see a conceptual difference between 
"ftp->file is a download, tar->file is an extraction".
Downloading a link makes no sense, while extracting a link does.
So much for consistency in the KIO operations :-)
Maybe this is something we can do depending on Class=:local and Class=:internet
(we already know if a protocol is local or remote).
So local->local should copy symlinks, while internet->local and internet->internet should copy the actual file, I guess?
Comment 8 Philippe Cloutier 2007-09-22 00:33:31 UTC 
FWIW, I can't answer.
Comment 9 Rafał Rzepecki 2008-07-29 21:35:45 UTC 
I can confirm that this behaviour is still present in 4.1. But what should be the correct one? Is there any consensus?
Comment 10 Julian Steinmann 2018-08-05 18:18:43 UTC 
I am not sure what to do with this bug. I'd propose closing it as WONTFIX, but if somebody does have strong opinions about this behavior we can also move it to kio-extras and keep it open. Is there anyone who opposes closing this report?
Comment 11 Philippe Cloutier 2018-08-05 21:31:50 UTC 
I do strongly believe that displaying "tar:/bin/ls" in the error message is inappropriate. If there is a decision to not support symlinks in KTar, there should be a clear message to that effect (and no errors printed in console).
Comment 12 Julian Steinmann 2018-08-09 13:43:06 UTC 
Okay, I'll move this report to kio-extras then.