Mastodon Feed: Post

Mastodon Feed

Boosted by jwz:
cliffle@hachyderm.io wrote:

Many Unix tar programs leak uninitialized data into unused portions of the file. This is not unusual for C programs (unfortunately). The leaked data is usually just repetition of earlier files, so it wasn't obviously useful for anything.

Until I noticed that optimizations to tar programs tended to change _which_ earlier data was leaked.

Turns out, you can use this behavior to fingerprint the tar implementation pretty precisely in some cases.

A screenshot of terminal output showing a hex dump of the final sector of a tar file, noting that it contains excess data. It points out that the excess data mirrors other data exactly 20 blocks back, and opines that this is likely a result of pdtar or early GNU tar.
A screenshot of terminal output showing a hex dump of the final sector of a tar file, noting that it contains excess data. It points out that the excess data mirrors other data exactly 20 blocks back, and opines that this is likely a result of V7 Unix-derived tar code.