Whenever you unpack a tarball/zipfile/rarfile, you also risk overwriting any file in the current working directory, or at least creating a fuckton of files and directories there (what is known as a tarbomb). The approaches I've used to avoid getting bombed are:
1. Check a listing of the files in the package to make sure it won't crap out in my $PWD. But I never really learned how to do that with unzip or unrar.
2. Preventively create a directory, cd there, and extract the package.
I grew bored of doing 2. manually, and of moving the only directory created
there to $PWD
when the package wasn't a tarbomb, so I wrote a script to
automate that. As easy as it sounds, there are lots of corner cases (FS
permissions, corrupted packages, etc., etc.), so I finally gave up on Bash and
wrote it as a Python script. You can get it, see how to use it, etc.,
here
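
The listing check from approach 1 can be done without extracting anything. The sketch below is an added example, not the script linked above: it reads member names from a tar or zip archive and reports paths that would land outside the extraction directory, plus whether there is more than one top-level entry. The function names and the sample archives are constructed for illustration, and paths are treated as POSIX paths.

```python
import io
import posixpath
import tarfile
import zipfile


def member_names(data):
    """List member paths of a tar or zip archive in memory, extracting nothing."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:
        return tf.getnames()


def audit(names):
    """Flag paths that leave the extraction directory and count top-level entries."""
    escaping, top = [], set()
    for name in names:
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm.startswith("/") or norm == ".." or norm.startswith("../"):
            escaping.append(name)  # absolute path or climbs out via ".."
        elif norm != ".":
            top.add(norm.split("/", 1)[0])
    # More than one top-level entry means extraction litters $PWD (a tarbomb).
    return {"escaping": escaping, "top_level": sorted(top), "tarbomb": len(top) > 1}


def make_tar(paths):
    """Constructed sample: an uncompressed tarball of empty files."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w") as tf:
        for p in paths:
            tf.addfile(tarfile.TarInfo(p))
    return out.getvalue()


def make_zip(paths):
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for p in paths:
            zf.writestr(p, b"")
    return out.getvalue()


if __name__ == "__main__":
    print(audit(member_names(make_tar(["proj/README", "../../etc/x", "a"]))))
```

Member names alone do not reveal symlink or hardlink entries that point outside the directory, so extracting into a fresh directory (approach 2) is still worth doing.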