<p>Today I learned that GNU tar does network connections: if you say &quot;foo:bar&quot;, it tries to resolve &quot;foo&quot;. FFS, wasn&#39;t the Unix philosophy to do one thing and do it well? Luckily there&#39;s a &quot;--force-local&quot; option to GNU tar to avoid it doing remote connections.</p><p>Sorry if you&#39;re in trouble now, either reviewing your tar calls in your application and whether they can take user input as filename -- or if this was part of your exfiltration or attack on a system.</p>
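<p>An added example, not part of the original post: a shell wrapper for reviewing tar calls that take a user-supplied archive name. The function names are hypothetical, and the exact rule in <code>looks_remote</code> (a colon that is not the first character and has no &quot;/&quot; before it) is an assumption about how GNU tar decides a name is remote; <code>--force-local</code> is the option named in the post.</p>

```shell
#!/bin/sh
# Added example: handling an untrusted archive name passed to GNU tar.

# Return 0 when NAME has the host:path shape that GNU tar, without
# --force-local, would try to open on a remote machine.
# Assumed rule: colon present, not the first character, no "/" before it.
looks_remote() {
    case "$1" in
        :*)  return 1 ;;                  # leading colon: not host:path
        *:*) prefix=${1%%:*}              # text before the first colon
             case "$prefix" in
                 */*) return 1 ;;         # "./foo:bar" stays local
                 *)   return 0 ;;         # "foo:bar" resolves "foo"
             esac ;;
        *)   return 1 ;;                  # no colon at all
    esac
}

# List an archive whose name came from user input. --force-local makes
# tar treat the name as a local file even when it contains a colon.
list_untrusted_archive() {
    if looks_remote "$1"; then
        echo "note: '$1' has host:path form, forcing local" >&2
    fi
    tar --force-local -tf "$1"
}

# Constructed demo: create and list an archive literally named
# "host:backup.tar" in a scratch directory, with no network access.
demo_forced_local() {
    d=$(mktemp -d) || return 1
    echo hi > "$d/hello.txt"
    out=$(cd "$d" \
        && tar --force-local -cf 'host:backup.tar' hello.txt \
        && list_untrusted_archive 'host:backup.tar' 2>/dev/null)
    rc=$?
    rm -rf "$d"
    printf '%s\n' "$out"
    return "$rc"
}
```

<p>Logging the cases where <code>looks_remote</code> matches gives a quick way to find callers that were passing such names before the option was added.</p>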