Warn about possible risks when extracting untrusted archives.

b9ff6697 · Lars Gustäbel · 39f1f452 · b9ff6697
Kaydet (Commit) b9ff6697 authored Agu 30, 2007 tarafından Lars Gustäbel
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

libtarfile.tex Doc/lib/libtarfile.tex +10 -0

No files found.
--- a/Doc/lib/libtarfile.tex
+++ b/Doc/lib/libtarfile.tex
@@ -207,6 +207,12 @@ tar archive several times. Each archive member is represented by a
    problems: A directory's modification time is reset each time a file is
    created in it. And, if a directory's permissions do not allow writing,
    extracting files to it will fail.
+    \begin{notice}[warning]
+    Never extract archives from untrusted sources without prior inspection.
+    It is possible that files are created outside of \var{path}, e.g. members
+    that have absolute filenames starting with \code{"/"} or filenames with
+    two dots \code{".."}.
+    \end{notice}
    \versionadded{2.5}
 \end{methoddesc}

@@ -221,6 +227,10 @@ tar archive several times. Each archive member is represented by a
    archive there are some issues you must take care of yourself. See the
    description for \method{extractall()} above.
    \end{notice}
+
+    \begin{notice}[warning]
+    See the warning for \method{extractall()}.
+    \end{notice}
 \end{methoddesc}

 \begin{methoddesc}{extractfile}{member}