Toby Peterson <address@hidden> writes:
> I'm currently maintaining tar here at Apple, and I have a question
> about the behavior of tar. In 1.13.25, if a filename such as '../file'
> was specified without the -P option, it would give a warning like
> "Member names contain `..'", but it wouldn't actually do anything.
> In 1.14, the warning is "Removing leading `../' from member names",
> and it does just that. This causes things to be compressed/extracted
> into unexpected locations!
>
> Anyway, I'm simply wondering if this is expected behavior.

Yes, as obeying leading "../" leads to the same security problems that
obeying leading "/" would.
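
The member-name problem discussed in this thread, as an added example that is not part of the original messages and is not GNU tar's code: it audits the names stored in a tar archive and shows what removing leading "/" and "../" components does to each. It goes slightly beyond the thread by also checking names with ".." in the middle; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def strip_unsafe_prefix(name):
    """Drop leading "/", "./" and "../" components; return (clean_name, changed)."""
    parts = name.split("/")
    i = 0
    while i < len(parts) and parts[i] in ("", ".", ".."):
        i += 1
    clean = "/".join(parts[i:])
    return clean, clean != name

def escapes_root(name):
    """True if the name, resolved lexically, lands outside the extraction directory."""
    norm = posixpath.normpath(name)
    return posixpath.isabs(name) or norm == ".." or norm.startswith("../")

def build_sample_archive(names):
    """Build an in-memory archive whose members carry the given names verbatim."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for n in names:
            data = b"constructed\n"
            info = tarfile.TarInfo(name=n)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def audit(archive):
    """Return (stored_name, escapes, stripped_name, stripped_still_escapes) per member."""
    report = []
    with tarfile.open(fileobj=archive, mode="r") as tar:
        for m in tar.getmembers():  # reads headers only, extracts nothing
            clean, _ = strip_unsafe_prefix(m.name)
            report.append((m.name, escapes_root(m.name), clean, escapes_root(clean)))
    return report

# Constructed sample names, not taken from any real archive.
SAMPLE_NAMES = ["docs/readme.txt", "../file", "/etc/demo.conf", "a/../../b"]

if __name__ == "__main__":
    for stored, bad, clean, still_bad in audit(build_sample_archive(SAMPLE_NAMES)):
        print(f"{stored!r:20} escapes={bad!s:5} stripped={clean!r:18} still_escapes={still_bad}")
```

Stripping only the leading components leaves `a/../../b` unchanged and still pointing outside the extraction directory, so a checker should re-test the cleaned name and refuse the member when it still escapes.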