Paul Eggert <egg...@cs.ucla.edu> writes: > It's a little trickier than that, isn't it? It's OK for symlink > contents to contain ".." so long as it does not escape the current > directory. > > By "current directory" I mean either the working directory when 'tar' > starts, or the directory established via -C.
Yes, that would require more work. The idea of my patch was to avoid '..' symlinks all together by default, since I imagine most people are not extracting archives with them very often. I guess the way to behave as you describe is to keep track of the current working directory (or -C), then 'readlink' any symlink, canonicalize it, and check if it is a child of the current working directory. Collin
