From 89241a38897b0e73375996180ef6cd418978d88c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lars=20Gust=C3=A4bel?= Date: Thu, 30 Aug 2007 20:24:31 +0000 Subject: [PATCH] Warn about possible risks when extracting untrusted archives. --- Doc/library/tarfile.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Doc/library/tarfile.rst b/Doc/library/tarfile.rst index a0cd673299..f7e339f7fd 100644 --- a/Doc/library/tarfile.rst +++ b/Doc/library/tarfile.rst @@ -337,6 +337,13 @@ object, see :ref:`tarinfo-objects` for details. reset each time a file is created in it. And, if a directory's permissions do not allow writing, extracting files to it will fail. + .. warning:: + + Never extract archives from untrusted sources without prior inspection. + It is possible that files are created outside of *path*, e.g. members + that have absolute filenames starting with ``"/"`` or filenames with two + dots ``".."``. + .. versionadded:: 2.5 @@ -353,6 +360,10 @@ object, see :ref:`tarinfo-objects` for details. are some issues you must take care of yourself. See the description for :meth:`extractall` above. + .. warning:: + + See the warning for :meth:`extractall`. + .. method:: TarFile.extractfile(member) -- 2.50.1
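Review bot: In the first hunk (the warning added under extractall, at @@ -337,6 +337,13 @@), the phrase "filenames with two dots" is imprecise. The risk is a ".." path component that walks out of *path*; a member named "a..b" is harmless, and a reader could take the current wording either way. Suggest "members whose names contain a ``..`` path component". The warning also asks for "prior inspection" without saying how to do it; one sentence pointing at getnames() or getmembers() as the way to check member names before calling extractall() would make the advice actionable.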
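Review bot: In the second hunk (@@ -353,6 +360,10 @@), the new warning is only a cross-reference, and the context line just above it already reads "See the description for :meth:`extractall` above." A reader who lands on this method sees a warning box that does not name any risk. Suggest stating the point in one sentence here, for example that a member with an absolute name or a ".." component can be written outside *path*, and then referring to extractall for the details.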