#1 2012-05-15 10:59:00

Mr. Alex
Member
Registered: 2010-08-26
Posts: 623

Check if a tar file is a tarbomb

Hello!

So I created what I thought is supposed to be a tarbomb:

/some/long/long/long/path $ tar -cvf ~/some-path/tarbomb.tar ../../*

Now I try to actually see where it's going to explode:

tar -tf tarbomb.tar

and see no "../../" in the output. All paths start with named directories. Is it because tarbombs are not allowed in the current version of GNU tar, or can you not see that it's a tarbomb anyway?

As an addition: when you untar a tar file - does it overwrite existing files with no confirmation?

#2 2012-05-15 14:12:07

e_tank
Member
Registered: 2006-12-21
Posts: 80

Re: Check if a tar file is a tarbomb

gnu tar will strip leading /'s from file names so that no files can be extracted outside of the destination directory. to override this behaviour use the -P option both when creating and extracting the tar file. and yes gnu tar will replace existing files by default, use the -k option to keep old files if they exist.

you could have found all this out just by typing: man tar

#3 2012-05-15 17:21:57

Mr. Alex
Member
Registered: 2010-08-26
Posts: 623

Re: Check if a tar file is a tarbomb

Thanks.

Last edited by Mr. Alex (2012-05-17 16:20:26)
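
Added example, not part of any post in this thread: a Python check that reads member names without extracting anything, flagging the leading "/" and "../" cases discussed above as well as members that would replace files already present in the destination directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def audit_tar(fileobj, dest="."):
    """Return (member name, issue) pairs for an archive that has not been extracted."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = member.name
            escapes = False
            if name.startswith("/"):
                # GNU tar strips the leading "/" on extraction unless -P is given.
                findings.append((name, "absolute path"))
                escapes = True
            if ".." in name.split("/"):
                findings.append((name, "'..' component"))
                escapes = True
            if escapes or member.isdir():
                continue
            # Relative member: would extraction replace something already in dest?
            if os.path.lexists(os.path.join(dest, name)):
                findings.append((name, "would overwrite existing file (tar -k keeps it)"))
    return findings


def build_sample():
    """Constructed archive built in memory; none of these names come from the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "/tmp/constructed.conf",
                     "../../escape.txt", "notes.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, issue in audit_tar(build_sample()):
        print(f"{issue}: {name}")
```

For an archive on disk, pass `open("tarbomb.tar", "rb")` and the intended extraction directory as `dest`.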
