How to untar safely, without polluting the current directory in case of a tarbomb?
patool handles different kinds of archives and creates a subdirectory in case the archive contains multiple files to prevent cluttering the working directory with the extracted files.
Extract archive
patool extract archive.tar
To obtain a list of the supported formats, use patool formats
.
You could do something like
tar tf thefile.tar | cut -d/ -f1 | sort -u
to see what top-level entries a tar has; pipe to wc -l
to check if there's more than one. Note that there are a few cases where this would fail, e.g. if the tar contains file paths of the form somedir/whatever
and also ./somedir/whatever
(or something crazier); this should be uncommon, though.
This will read the whole tar file before outputting anything, because of the sort
, though it should be faster than actually extracting because it's just one sequential read and it can skip large files.
If you're doing this interactively and the file might be large, you can change sort -u
to uniq
and Control+C if it prints out more than one thing.
you can do:
pax <some.tar
...to list the contents of a tar
file.
if you want to know how many levels deep it goes, you can do:
pax <some.tar | tr -dc /\\n | sort -r | head -n1
you can explicitly forbid an explosion on extraction with:
mkdir some.tar
pax -'rs|^|some.tar/|' <some.tar