[comp.sys.ibm.pc] safe S-EX, Eh?

silvert@cs.dal.ca (Bill Silvert) (01/07/90)

I am surprised that there has not been a discussion of the implications
of distributing software in self-extracting archives.  I do this myself,
but the potential for abuse is enormous.  A special concern is with the
LHARC archives, which have the ability (at least on the PC) to run a
batch file after extraction.  On the other hand, LHARC archives can be
read with LHARC, whereas ZOO archives generated with SEZ cannot be
read, only extracted, so far as I know.

Any suggestions on how to make the use of the self-extracting archives safe?
-- 
Bill Silvert, Habitat Ecology Division.
Bedford Institute of Oceanography, Dartmouth, NS, Canada B2Y 4A2
UUCP: ...!{uunet,watmath}!dalcs!biomel!bill
Internet: bill%biomel@cs.dal.CA		BITNET: bill%biomel%dalcs@dalac

ho@fergvax.unl.edu (Tiny Bubbles...) (01/08/90)

From article <1990Jan6.201238.10701@cs.dal.ca>, by silvert@cs.dal.ca (Bill Silvert):
> but the potential for abuse is enormous.  A special concern is with the
> LHARC archives, which have the ability (at least on the PC) to run a
> batch file after extraction.  On the other hand, LHARC archives can be
> read with LHARC, whereas ZOO archives generated with SEZ cannot be
> read, only extracted, so far as I know.

Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its
SFX'es ... it just keeps saying "no file," and I have no idea what that's
supposed to mean.

There's a program called RV (version 1.21 is what I've seen) which can strip
SFX'es into normal files.  It's the only way I'm willing to look at an LHARC
SFX.  I don't know if it can undo a SEZ file or not.

I'm just waiting for someone to upload an uncompressed viral file and claim
it was an SFX.
---
	... Michael Ho, University of Nebraska
Internet: ho@hoss.unl.edu		USnail:  115 Nebraska Union
BITnet:   cosx001@UNLCDC3			 Lincoln, NE 68588-0461

w8sdz@smoke.BRL.MIL (Keith Petersen) (01/08/90)

In article <1368@unocss..unl.edu> ho@fergvax.unl.edu writes:
>... so far, I have been unsuccessful in getting LHARC v1.13 to read its
>SFX'es ... it just keeps saying "no file," and I have no idea what that's
>supposed to mean.

LHARC can read its own SFX files.  You have to give it the FULL name of
the file, including the file type.

Syntax: LHARC E MYFILE.EXE
        LHARC E MYFILE.COM

Works every time.
-- 
Keith Petersen
Maintainer of SIMTEL20's CP/M, MSDOS, & MISC archives [IP address 26.2.0.74]
Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.arpa  BITNET: w8sdz@NDSUVM1
Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz

jb@altair.uucp (John Birchfield) (01/08/90)

In article <1368@unocss..unl.edu> ho@fergvax.unl.edu writes:
>From article <1990Jan6.201238.10701@cs.dal.ca>, by silvert@cs.dal.ca (Bill Silvert):
>> but the potential for abuse is enormous.  A special concern is with the
>> LHARC archives, which have the ability (at least on the PC) to run a
>> batch file after extraction.  On the other hand, LHARC archives can be
>> read with LHARC, whereas ZOO archives generated with SEZ cannot be
>> read, only extracted, so far as I know.
>

Zoo versions 2 or greater can extract files from either a self-extracting
archive made with sez or from a corrupted archive.  This is done with
the help of a program called fiz which reads the archive and lists
probable offsets into the archive at which various files reside. You then
run zoo with the '@n extract/list at position n' option.  If you
ain't got that option available then I suggest you upgrade zoo.  If you
do then look through the files that came with the distribution for the
fiz program. Of course the above instructions are only applicable if
you're interested in getting at self extracting zoo files.  I haven't
seen too many on the net - it seems that they're of less importance
since the virus wars have begun.
+----------------------
| John Birchfield      
| jb@altair.csustan.edu
+----------------------

larry@nstar.UUCP (Larry Snyder) (01/09/90)

> Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its
> SFX'es ... it just keeps saying "no file," and I have no idea what that's
> supposed to mean.

I was using LHARC 1.13c and had no problems extracting files from an
SFX.

The current LHARC is called ICE and I extract files several times a week
from SFX files.

-- 
          Larry Snyder, Northern Star Communications, Notre Dame, IN USA 
                uucp: larry@nstar -or- ...!iuvax!ndmath!nstar!larry

ron@woan.austin.ibm.com (Ronald S. Woan) (01/09/90)

In article <511131@nstar.UUCP>, larry@nstar.UUCP (Larry Snyder) writes:
|>The current LHARC is called ICE and I extract files several times a week
|>from SFX files.

Isn't ICE just a version that someone modified the source to use the
extension ICE? I remember in BBS world there was a lot of commotion
when ICE first started showing up that it may contain a Trojan Horse
or something, but someone disassembled it and found that only the
extension had been changed (the README file as well). Anyway, can
someone on Compuserve tell us what the latest LHARC (PC Magazine's
best of the year winner) is. Personally, I only use it for
self-extracting archives because of its low overhead; I'd use it for
general use except for its lack of acceptance in the BBS world.

					Ron

+-----All Views Expressed Are My Own And Are Not Necessarily Shared By------+
+------------------------------My Employer----------------------------------+
+ Ronald S. Woan  (IBM VNET)WOAN AT AUSTIN, (AUSTIN)ron@woan.austin.ibm.com +
+ outside of IBM       @cs.utexas.edu:ibmchs!auschs!woan.austin.ibm.com!ron +

roy@comcon.UUCP (Roy M. Silvernail) (01/10/90)

In article <1368@unocss..unl.edu>, ho@fergvax.unl.edu (Tiny Bubbles...) writes:
> Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its
> SFX'es ... it just keeps saying "no file," and I have no idea what that's
> supposed to mean.

Use 'lharc l filename.ext'... so if the SFX is wham.com, use 'lharc l
wham.com'

The '!' file in a sfx (if any) is called a telop file, and is displayed
before a sfx is extracted. 

The real danger seems to be in imbedding ANSI sequences in a telop.
LHarc 1.13 has a switch for the sfx's that prevents the AUTOLARC.BAT
from being executed unless you tell it to, but the telop is merely
extracted to the screen. I use ANSI.COM as my screen driver, and size
the redefinition buffer to 0, so I need not worry about ANSI trickery.

> I'm just waiting for someone to upload an uncompressed viral file and claim
> it was an SFX.

That would be trivial... need only to mimic the usual display
accompanying a sfx dissolving. (not nice... but trivial)
-- 
Roy M. Silvernail  | UUCP: uunet!comcon!roy  |  "Every race must arrive at this
#include <opinions.h>;#define opinions MINE  |   point in its history"
SnailMail: P.O. Box 210856, Anchorage,       |   ........Mr. Slippery
Alaska, 99521-0856, U.S.A., Earth, etc.      |  <Ono-Sendai: the right choice!>
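
An added example, not part of any post in this thread: a static check of an LHarc SFX image that lists its members without running it, and flags the AUTOLARC.BAT and '!' telop concerns raised above, including ANSI key-reassignment sequences in a stored telop. It assumes the commonly documented level-0 LZH header layout; the names `list_members`, `review` and `make_member` are hypothetical and the sample image is constructed.

```python
import re
import struct

METHODS = (b"-lh0-", b"-lh1-")   # method IDs used by LHarc 1.x
# ANSI.SYS key reassignment: ESC [ code ; "string" ; ... p
KEY_REDEF = re.compile(rb'\x1b\[((?:"[^"]*"|\d+)(?:;(?:"[^"]*"|\d+))*)p')

def list_members(blob):
    """Yield (name, method, data) per checksum-valid header (assumed level-0 layout)."""
    pos = 0
    while pos + 24 <= len(blob):
        size, check = blob[pos], blob[pos + 1]
        hdr = blob[pos + 2 : pos + 2 + size]       # checksum covers these bytes
        if hdr[:5] in METHODS and size >= 22 and len(hdr) == size \
                and sum(hdr) & 0xFF == check and hdr[19] <= size - 22:
            packed = struct.unpack_from("<I", hdr, 5)[0]
            name = hdr[20 : 20 + hdr[19]].decode("ascii", "replace")
            start = pos + 2 + size
            yield name, hdr[:5].decode(), blob[start : start + packed]
            pos = start + packed                   # skip over the member data
        else:
            pos += 1                               # still inside the loader stub

def review(blob):
    """Return findings for an SFX image without executing it."""
    notes = []
    for name, method, data in list_members(blob):
        if name.upper() == "AUTOLARC.BAT":
            notes.append(("auto-run batch", name))
        elif name == "!" and method == "-lh0-":    # stored telop: scan as-is
            for m in KEY_REDEF.finditer(data):
                notes.append(("key redefinition in telop",
                              m.group(1).decode("ascii", "replace")))
        elif name == "!":
            notes.append(("telop compressed, extract and rescan", name))
    return notes

def make_member(name, data):
    """Constructed sample only: a stored (-lh0-) member, CRC field left zero."""
    body = (b"-lh0-" + struct.pack("<II", len(data), len(data)) + bytes(4)
            + b"\x20\x00" + bytes([len(name)]) + name + bytes(2))
    return bytes([len(body), sum(body) & 0xFF]) + body + data

# Constructed SFX image: fake loader stub followed by three members.
SAMPLE = (b"MZ" + b"\x90" * 40
          + make_member(b"!", b'Welcome\x1b[1;33m\x1b[0;59;"DIR";13p\r\n')
          + make_member(b"AUTOLARC.BAT", b"echo installed\r\n")
          + make_member(b"README.TXT", b"hello\r\n") + b"\x00")

if __name__ == "__main__":
    print(review(SAMPLE))
```

The colour sequence `ESC[1;33m` in the sample telop is not reported; only sequences ending in `p`, which rebind a key, are.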

roy@comcon.UUCP (Roy M. Silvernail) (01/10/90)

In article <511131@nstar.UUCP>, larry@nstar.UUCP (Larry Snyder) writes:
> The current LHARC is called ICE and I extract files several times a week
> from SFX files.

According to information I found on SIMTEL, the ICE 'version' of LHarc
is an unauthorized hack. Supposedly, the only thing changed in the file
is the file extension, but Yoshi didn't release it and I wouldn't trust
it. Look for a file called LHWARN in the MSDOS.ARC directory of SIMTEL,
I think.



-- 
Roy M. Silvernail  | UUCP: uunet!comcon!roy  |  "Every race must arrive at this
#include <opinions.h>;#define opinions MINE  |   point in its history"
SnailMail: P.O. Box 210856, Anchorage,       |   ........Mr. Slippery
Alaska, 99521-0856, U.S.A., Earth, etc.      |  <Ono-Sendai: the right choice!>