From b9ff6697487f3fb4e8123c0632565539b7987bbc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lars=20Gust=C3=A4bel?=
Date: Thu, 30 Aug 2007 20:25:13 +0000
Subject: [PATCH] Warn about possible risks when extracting untrusted archives.
---
 Doc/lib/libtarfile.tex | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/Doc/lib/libtarfile.tex b/Doc/lib/libtarfile.tex
index b33ac606ca29..d17316424855 100644
--- a/Doc/lib/libtarfile.tex
+++ b/Doc/lib/libtarfile.tex
@@ -207,6 +207,12 @@ tar archive several times. Each archive member is represented by a
 problems: A directory's modification time is reset each time a file is created in it. And, if a directory's permissions do not allow writing, extracting files to it will fail.
+ \begin{notice}[warning]
+ Never extract archives from untrusted sources without prior inspection.
+ It is possible that files are created outside of \var{path}, e.g. members
+ that have absolute filenames starting with \code{"/"} or filenames with
+ two dots \code{".."}.
+ \end{notice}
 \versionadded{2.5}
 \end{methoddesc}
@@ -221,6 +227,10 @@ tar archive several times. Each archive member is represented by a
 archive there are some issues you must take care of yourself. See the description for \method{extractall()} above.
 \end{notice}
+
+ \begin{notice}[warning]
+ See the warning for \method{extractall()}.
+ \end{notice}
 \end{methoddesc}
 \begin{methoddesc}{extractfile}{member}
--
2.47.3