On Thu, Feb 11, 2016 at 11:24:01PM +0000, Ulli Horlacher wrote: > In https://docs.python.org/2/library/tarfile.html there is a warning: > > Never extract archives from untrusted sources without prior inspection. > It is possible that files are created outside of path, e.g. members that > have absolute filenames starting with "/" or filenames with two dots > "..". > > My program has to extract tar archives from untrusted sources :-}
Read the discussion in this issue on why this might be a bad idea: http://bugs.python.org/issue21109 -- Lars Gustäbel l...@gustaebel.de -- https://mail.python.org/mailman/listinfo/python-list
