[Bug-tar] Unpacking a tar with a "./" entry changes dir timestamp and maybe ownership too

[Hugo Mildenberger]

Some package maintainers have the habit of using 

                tar -cf some-archive.tar   .

which produces an archive containing a "./" entry. This differs from the 
archive you get when tar was run without the trailing dot. 

If you unpack such a tar archive as a normal user, the "./" entry leads to a 
change of the timestamp of '.', which is often current directory. If you run 
tar as  root, even the ownership and permission of '.' directory changes. If 
you happen to do this in root's home, /root  may then belong to someone else, 
with permissions specified by someone you may not even remotely know.   


Example for ~/test warped back in time:

 ~/test $ touch .
 ~/test $ ls -ld ../test && tar -xf /tmp/test.tar && ls -ld ../test
drwxr-xr-x 2 hm hm 4096 Aug 14 12:14 ../test
drwxr-xr-x 2 hm hm 4096 Aug 14 12:08 ../test


Example run as user root in root's homedir:

# cd /root && ls -ld /root && tar -xf /tmp/test.tar && ls -ld /root
drwx------ 24 root root 4096 Aug 14 12:04 /root
drwxr-xr-x 24 hm hm 4096 Aug 14 12:08 /root



Here is the content of test.tar:

$ tar -tvf /tmp/test.tar
drwxr-xr-x hm/hm             0 2010-08-14 12:08 ./
-rw-r--r-- hm/hm            73 2010-08-14 12:05 ./Makefile
-rw-r--r-- hm/hm          3697 2010-08-14 12:05 ./rl.c



I've found no way to stop tar from expanding the "./" entry. I tried 
variations of tar --exclude='.' './' and so on,but if tar matches the "./" 
entry, it will also exclude all files belonging to that directory, and that is 
documented behaviour.

Hence, I propose to filter "." entries, much like it is already done with ".." 
for security reasons, or at least add an option to selectively prevent '.' 
entries from being considered while extracting (and './.', '././.', ... 
somedir/. and so on)


The long version of this story is here:
http://bugs.gentoo.org/show_bug.cgi?id=332217