in reply to Archive:Tar appears to store absolute pathnames as relative pathnames

In the current version, Archive::Tar has INSECURE_EXTRACT_MODE:
$Archive::Tar::INSECURE_EXTRACT_MODE This variable indicates whether Archive::Tar should allow files to be extracted outside their current working directory. Allowing this could have security implications, as a malicious tar archive could alter or replace any file the extracting user has permissions to. Therefor, the default is to not allow insecure extractions. If you trust the archive, or have other reasons to allow the archive to write files outside your current working directory, set this variable to true. Note that this is a backwards incompatible change from version 1.36 and before.
So it appears that the issue has been addressed.

  • Comment on Re: Archive:Tar appears to store absolute pathnames as relative pathnames

Replies are listed 'Best First'.
Re^2: Archive:Tar appears to store absolute pathnames as relative pathnames
by roboticus (Chancellor) on Dec 11, 2009 at 14:42 UTC

    Another clue in the documentation supporting the theory that Archive::Tar will support extracting absolute paths is the documentation for the Archive::Tar->extract_archive($file, $compressed) function:

    Extracts the contents of the tar file. The first argument can either be the name of the tar file to create or a reference to an open file handle (e.g. a GLOB reference). All relative paths in the tar file will be created underneath the current working directory.

    That implies that absolute paths have a different behavior--perhaps using the absolute path. You ought to give it a try and report back for posterity.

    ...roboticus

    Who really ought to try Archive::Tar sometime...

[reply]
[d/l]

In Section Seekers of Perl Wisdom