(extracting untrusted archives): New section.

[chaz/tar] / doc / tar.texi

diff --git a/doc/tar.texi b/doc/tar.texi
index e27f5fcfe917cf107e131c83084528291913e810..6a91f7642dd995ff731e6b9d14e7aec79d0ea879 100644 (file)
--- a/doc/tar.texi
+++ b/doc/tar.texi
@@ -1802,6 +1802,7 @@ long form of the operation without affecting the performance.
 * extracting archives::
 * extracting files::
 * extract dir::
+* extracting untrusted archives::
 * failing commands::
 @end menu
 
@@ -1922,6 +1923,23 @@ of the file names when you extract those files from the archive.
 @FIXME{IMPORTANT!  show the final structure, here.  figure out what it
 will be.}
 
+@node extracting untrusted archives
+@subsection Extracting Archives from Untrusted Sources
+
+Extracting files from archives can overwrite files that already exist.
+If you receive an archive from an untrusted source, you should make a
+new directory and extract into that directory, so that you don't have
+to worry about the extraction overwriting one of your existing files.
+For example, if @file{untrusted.tar} came from somewhere else on the
+Internet, and you don't necessarily trust its contents, you can
+extract it as follows:
+
+@example
+$ @kbd{mkdir newdir}
+$ @kbd{cd newdir}
+$ @kbd{tar -xvf ../untrusted.tar}
+@end example
+
 @node failing commands
 @subsection Commands That Will Fail
 
@@ -7775,11 +7793,7 @@ device,
 invocation.
 @end itemize
 
-In previous versions of @acronym{GNU} @command{tar}, the
-@samp{--compress-block} option (or even older:
-@samp{--block-compress}) was necessary to reblock compressed archives.
-It is now a dummy option just asking not to be used, and otherwise
-ignored.  If the output goes directly to a local disk, and not through
+If the output goes directly to a local disk, and not through
 stdout, then the last write is not extended to a full record size.
 Otherwise, reblocking occurs.  Here are a few other remarks on this
 topic: