bill@sigma.UUCP (04/20/86)
In article <455@gould9.UUCP> joel@gould9.UUCP (Joel West) writes: >[...] >Any posting of a Trojan Horse would immediately require that the >offending site be removed from the net. If the posting came in through >a forgery, the site accepting the forgery would be required to take >corrective actions (such as removing anonymous UUCP logins) or quit the net. >[...] Sounds like what you _really_ need is an "unshar.c" (to complement shar.c, of course), that has a very limited command set, to avoid those Trojan Horses.
larry@kitty.UUCP (Larry Lippman) (04/21/86)
In article <403@ukecc.UUCP>, edward@ukecc.UUCP (Edward C. Bennett) writes: >> >> Part of the joke was funny, and part of it was not so funny. Anyone >> naive enough to believe that a deleted file could be recovered was well >> fooled by the introductory remarks and the phony manual page. > > But you can recover an unlinked file! I know, I've had to do it. > You must unmount the file system and search the free list for your data. > It's a PITA, but worth it if you lose something big. I don't claim to be a UNIX internals expert (I have enough trouble writing I/O drivers :-) ), but don't most ports of UNIX zero disk blocks after an unlink(2)? As I seem to recall, unlink(2) is derived from unlink.s, which is assembly language specific for the given machine. And unlink.s contains a routine _unlink which fills the disk blocks with .word defined as 0x0000. Any comments from those who know more? ==> Larry Lippman @ Recognition Research Corp., Clarence, New York ==> UUCP {decvax|dual|rocksanne|rocksvax|watmath}!sunybcs!kitty!larry ==> VOICE 716/688-1231 {rice|shell}!baylor!/ ==> FAX 716/741-9635 {G1, G2, G3 modes} seismo!/ ==> "Have you hugged your cat today?" ihnp4!/
andy@cheviot.uucp (Andy Linton) (04/21/86)
In article <7208@tekecs.UUCP> jans@tekecs.UUCP (Jan Steinman) writes: >In article <455@gould9.UUCP> joel@gould9.UUCP (Joel West) writes: >>I think that sanctions appropriate to terrorists should be enforced. >>Any posting of a Trojan Horse would immediately require that the >>offending site be removed from the net... > >...preferably through the use of a dozen F-111's. :-( Will you want to launch these from British airfields too? -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SENDER : Andy Linton PHONE : +44 632 329233 POST : Computing Lab, University of Newcastle upon Tyne, UK, NE1 7RU ARPA : andy%cheviot.newcastle.ac.uk@ucl-cs.ARPA) JANET : andy@uk.ac.newcastle.cheviot UUCP : <UK>!ukc!cheviot!andy *** Ni fui moran beagan d'aon rud, ach is fui moran beagan ceille. ***
tp@wucs.UUCP (04/23/86)
I've been waiting for someone else to say this...
naughtiness in shar files is only the tip of the iceberg. The program
contained in the shar may do bad things... the makefile that builds the
program may do bad things...
doesn't have to be anything malicious -- I see a lot of makefiles
that would install things where I wouldn't want them or would write over
something important or were just simply incorrect (a lot of the same can
be said for the shar files; a lot of authors don't seem to anticipate system
configurations different from their own).
anyway, even if you could somehow arrange for secure transmission
of the source, you're not secure from someone who wants to do "bad things"
or even from someone ignorant.
if you want to be safe,
READ THE WHOLE THING FIRST.
(do I follow my own advice? not always, but I try to take enough
precautions to avoid catastrophic disasters)
...tp...
tom patterson tp@wucs.UUCP {ihnp4, cbosgd, seismo}!wucs!tptony@uqcspe.OZ (Tony O'Hagan) (05/01/86)
A suitable format for sending shar files might be to write a standard shar program which creates the usual bourne shell command files that can be executed at any site, but also integrate an unshar (or unmar) program into the news package which treats the shell commands in shar files purely as file delimiters - i.e. it doesn't execute them. This would mean the shared file could be unpacked by any site with the Bourne shell (after being checked manually for security problems) or automatically checked and unpacked by sites which have installed the extension to their news service.