tar: Integrity

10.2.2 Integrity
----------------

When creating archives, take care that they are not writable by an
untrusted user; otherwise, that user could modify the archive, and when
you later extract from the archive you will get incorrect data.

   When 'tar' extracts from an archive, by default it writes into files
relative to the working directory.  If the archive was generated by an
untrusted user, that user therefore can write into any file under the
working directory.  If the working directory contains a symbolic link to
another directory, the untrusted user can also write into any file under
the referenced directory.  When extracting from an untrusted archive, it
is therefore good practice to create an empty directory and run 'tar' in
that directory.

   When extracting from two or more untrusted archives, each one should
be extracted independently, into different empty directories.
Otherwise, the first archive could create a symbolic link into an area
outside the working directory, and the second one could follow the link
and overwrite data that is not under the working directory.  For
example, when restoring from a series of incremental dumps, the archives
should have been created by a trusted process, as otherwise the
incremental restores might alter data outside the working directory.

   If you use the '--absolute-names' ('-P') option when extracting,
'tar' respects any file names in the archive, even file names that begin
with '/' or contain '..'.  As this lets the archive overwrite any file
in your system that you can write, the '--absolute-names' ('-P') option
should be used only for trusted archives.

   Conversely, with the '--keep-old-files' ('-k') and '--skip-old-files'
options, 'tar' refuses to replace existing files when extracting.  The
difference between the two options is that the former treats existing
files as errors whereas the latter just silently ignores them.

   Finally, with the '--no-overwrite-dir' option, 'tar' refuses to
replace the permissions or ownership of already-existing directories.
These options may help when extracting from untrusted archives.