Drop server-side format detection; add timeouts
Drop server-side format detection entirely; format is now specified as
a second argument to the DATA or SIGN commands. Magic number check is
still done client-side for user convenience, but we could also add (in
the future) explicit --raw --gz --bz2 --xz options to override the
default.
Add timeouts to at least bits of the server.
Various server-side code cleanups:
- Always use an external helper for compression handling, including
decompression. This avoids the "the current RHEL Perl modules don't
support xz" problem entirely.
- Use loops rather than hard-coded lists of extensions.
- Attempt to undo a failed MOVE or LINK command.
[ XXX: Is this the right thing to do? ]
- Add a 128-bit random prefix to the temp dir to make sure it is
unguessable.
This checkin has not yet been sufficiently tested.
Suggested-by: Kees Cook <kees@outflux.net>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
16 files changed
