tar: Security rules of thumb

10.2.4 Security Rules of Thumb
------------------------------

This section briefly summarizes rules of thumb for avoiding security
pitfalls.

   * Protect archives at least as much as you protect any of the files
     being archived.

   * Extract from an untrusted archive only into an otherwise-empty
     directory.  This directory and its parent should be accessible only
     to trusted users.  For example:

          $ chmod go-rwx .
          $ mkdir -m go-rwx dir
          $ cd dir
          $ tar -xvf /archives/got-it-off-the-net.tar.gz

     As a corollary, do not do an incremental restore from an untrusted
     archive.

   * Do not let untrusted users access files extracted from untrusted
     archives without checking first for problems such as setuid
     programs.

   * Do not let untrusted users modify directories that are ancestors of
     top-level arguments of 'tar'.  For example, while you are executing
     'tar -cf /archive/u-home.tar /u/home', do not let an untrusted user
     modify '/', '/archive', or '/u'.

   * Pay attention to the diagnostics and exit status of 'tar'.

   * When archiving live file systems, monitor running instances of
     'tar' to detect denial-of-service attacks.

   * Avoid unusual options such as '--absolute-names' ('-P'),
     '--dereference' ('-h'), '--overwrite', '--recursive-unlink', and
     '--remove-files' unless you understand their security implications.
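
As an added example (not part of the tar manual), the following shell functions apply three of the rules above together: extract into a new, empty directory whose parent is also private, treat any non-zero exit status from 'tar' as a failure, and look for setuid or setgid files before anyone else is given access. The names vet_untrusted and list_setid, the return codes, and the use of mktemp are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tar manual); function names are this example's own.

# list_setid DIR: print regular files under DIR with the setuid or setgid bit.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# vet_untrusted ARCHIVE: extract ARCHIVE into a new, empty directory whose
# parent is also private, then check tar's exit status and scan the result.
# Prints the extraction directory on stdout. Returns 0 only if tar succeeded
# and no setuid/setgid files were found, 1 if such files exist, 2 on errors.
vet_untrusted() {
    archive=$1
    case $archive in /*) ;; *) archive=$PWD/$archive ;; esac  # survive the cd
    # mktemp -d creates the parent with mode 0700 (the "chmod go-rwx ." step).
    parent=$(mktemp -d "${TMPDIR:-/tmp}/untrusted.XXXXXX") || return 2
    mkdir -m go-rwx "$parent/dir" || return 2
    printf '%s\n' "$parent/dir"
    # Plain -xf only: none of -P, --overwrite or --recursive-unlink.
    # tar's diagnostics go to stderr and are left visible on purpose.
    if ! (cd "$parent/dir" && tar -xf "$archive"); then
        echo "vet_untrusted: tar reported errors; do not use $parent/dir" >&2
        return 2
    fi
    flagged=$(list_setid "$parent/dir")
    if [ -n "$flagged" ]; then
        echo "vet_untrusted: setuid/setgid files found:" >&2
        printf '%s\n' "$flagged" >&2
        return 1
    fi
    return 0
}

# Command-line use: sh vet.sh /archives/got-it-off-the-net.tar.gz
if [ "$#" -ge 1 ]; then
    vet_untrusted "$1"
fi
```

Whether 'tar' restores setuid bits at all depends on who runs it and on options such as '-p', so the scan is run on the extracted tree and not inferred from the archive listing.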