Is it true that a tarball can change where files are extracted to regardless of the commands used to extract it?

Different tar utilities behave differently in this regard, so it's good to be careful. For a tar file that you didn't create, always list the table of contents before extracting it.

Solaris tar:

The named files are extracted from the tarfile and written to the directory specified in the tarfile, relative to the current directory. Use the relative path names of files and directories to be extracted.

Absolute path names contained in the tar archive are unpacked using the absolute path names, that is, the leading forward slash (/) is not stripped off.

In the case of a tar file with full (absolute) path names, such as:

/tmp/real-file
/etc/sneaky-file-here

... if you extract such a file, you'll end up with both files.

GNU tar:

By default, GNU tar drops a leading / on input or output, and complains about file names containing a .. component. There is an option that turns off this behavior:

--absolute-names

-P

Do not strip leading slashes from file names, and permit file names containing a .. file name component.

... if you extract a fully-pathed tar file using GNU tar without using the -P option, it will tell you:

tar: Removing leading / from member names

and will extract the file into subdirectories of your current directory.

AIX tar:

says nothing about it, and behaves as the Solaris tar -- it will create and extract tar files with full/absolute path names.

HP-UX tar: ^{(better online reference welcomed)}

WARNINGS

There is no way to restore an absolute path name to a relative position.

OpenBSD tar:

-P

Do not strip leading slashes (/) from pathnames. The default is to strip leading slashes.

There are -P options implemented for tar on macOS, FreeBSD and NetBSD as well, with the same semantics, with the addition that tar on FreeBSD and macOS will "refuse to extract archive entries whose pathnames contain .. or whose target directory would be altered by a symlink" without -P.

schilytools star:

-/

Don't strip leading slashes from file names when extracting an archive. Tar archives containing absolute pathnames are usually a bad idea. With other tar implementations, they may possibly never be extracted without clobbering existing files. Star for that reason, by default strips leading slashes from filenames when in extract mode.

One of the hilarious things that happen with tar bombs is that they change the permissions of the current directory to the one included in the tarball.

For instance, if a tarball includes the '.' directory, and you unpack it in /tmp as root, it will wreck your system by making the /tmp unwritable by anybody but root.