diff --git a/git_tarballs b/git_tarballs
index a95a40b..e7bdeed 100755
--- a/git_tarballs
+++ b/git_tarballs
@@ -256,6 +256,14 @@ def update_changes_file(package, changes):
         f.close()
 
 
+def _check_filenames(*filenames):
+    for filename in filenames:
+        basename = os.path.basename(filename)
+        if os.path.abspath(filename) != os.path.abspath(basename):
+            # no arbitrary filename, please
+            sys.exit("%s: illegal filename" % filename)
+
+
 if __name__ == '__main__':
     parser = argparse.ArgumentParser(description='Git Tarballs')
     parser.add_argument('--url', required=True,
@@ -281,6 +289,7 @@ if __name__ == '__main__':
     if not args.package:
         args.package = os.getcwd().rsplit("/", 1)[1]
 
+    _check_filenames(args.filename, args.package)
     download_tarball(args.url, args.filename)
 
     changelog = get_changelog_from_tarball(args.filename)