On 13/08/13 08:56 PM, Paul Eggert wrote:
Connor Behan wrote:
This could be handled without adding a new option
if -k became "don't replace existing files or create more than one file
at the top level when extracting, treat them as errors". So -k would
become a broader kind of "play it safe while extracting" option.
We probably can't change -k that drastically, but it would
be OK to add an option that says "allow at most one top-level
name", which could be combined with -k.
Sounds good. AFAIK, the most promising way to avoid tarbombs so far
is a script called untar.py
but it would be annoying to get into the habit of typing a
completely different command for extracting. If tar quit and said
"this is a tarbomb, you will have to use untar.py this one time" I'd
be more happy. I will submit a patch that does this, as well as a v3
of my bigger patch.
|