silvert@cs.dal.ca (Bill Silvert) (01/07/90)
I am surprised that there has not been a discussion of the implications of distributing software in self-extracting archives. I do this myself, but the potential for abuse is enormous. A special concern is with the LHARC archives, whch have tha ability (at least on the PC) to run a batch file after extraction. On the other hand, LHARC archives can be read with LHARC, whereas ZOO archives ghenerated with SEZ cannot be read, only extracted, so far as I know. Any suggestions on how to make the use of the self-extracting archives safe? -- Bill Silvert, Habitat Ecology Division. Bedford Institute of Oceanography, Dartmouth, NS, Canada B2Y 4A2 UUCP: ...!{uunet,watmath}!dalcs!biomel!bill Internet: bill%biomel@cs.dal.CA BITNET: bill%biomel%dalcs@dalac
ho@fergvax.unl.edu (Tiny Bubbles...) (01/08/90)
From article <1990Jan6.201238.10701@cs.dal.ca>, by silvert@cs.dal.ca (Bill Silvert): > but the potential for abuse is enormous. A special concern is with the > LHARC archives, whch have tha ability (at least on the PC) to run a > batch file after extraction. On the other hand, LHARC archives can be > read with LHARC, whereas ZOO archives ghenerated with SEZ cannot be > read, only extracted, so far as I know. Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its SFX'es ... it just keeps saying "no file," and I have no idea what that's supposed to mean. There's a program called RV (verson 1.21 is what I've seen) which can strip SFX'es into normal files. It's the only way I'm willing to look at an LHARC SFX. I don't know if it can undo a SEZ file or not. I'm just waiting for someone to upload an uncompressed virial file and claim it was an SFX. --- ... Michael Ho, University of Nebraska Internet: ho@hoss.unl.edu USnail: 115 Nebraska Union BITnet: cosx001@UNLCDC3 Lincoln, NE 68588-0461
w8sdz@smoke.BRL.MIL (Keith Petersen) (01/08/90)
In article <1368@unocss..unl.edu> ho@fergvax.unl.edu writes: >... so far, I have been unsuccessful in getting LHARC v1.13 to read its >SFX'es ... it just keeps saying "no file," and I have no idea what that's >supposed to mean. LHARC can read its own SFX files. You have to give it the FULL name of the file, including the file type. Syntax: LHARC E MYFILE.EXE LHARC E MYFILE.COM Works every time. -- Keith Petersen Maintainer of SIMTEL20's CP/M, MSDOS, & MISC archives [IP address 26.2.0.74] Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.arpa BITNET: w8sdz@NDSUVM1 Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz
jb@altair.uucp (John Birchfield) (01/08/90)
In article <1368@unocss..unl.edu> ho@fergvax.unl.edu writes: >From article <1990Jan6.201238.10701@cs.dal.ca>, by silvert@cs.dal.ca (Bill Silvert): >> but the potential for abuse is enormous. A special concern is with the >> LHARC archives, whch have tha ability (at least on the PC) to run a >> batch file after extraction. On the other hand, LHARC archives can be >> read with LHARC, whereas ZOO archives ghenerated with SEZ cannot be >> read, only extracted, so far as I know. > Zoo versions 2 greater can extract files from either a self-extracting archive made with sez or from a corrupted archive. This is done with the help of a program called fiz which reads teh archive and lists probable offsets into the archive at which various files reside. You then run zoo with with the '@n extract/list at position n' option. If you ain't got that option available then I suggest you upgrade zoo. If you do then look through the files that came with the distribution for the fiz program. Of course the above instructions are only applicable if you're interested in getting at self extracting zoo files. I haven't seen too many on the net - it seems that they're of less importance since the virus wars have begun. +---------------------- | John Birchfield | jb@altair.csustan.edu +----------------------
larry@nstar.UUCP (Larry Snyder) (01/09/90)
> Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its > SFX'es ... it just keeps saying "no file," and I have no idea what that's > supposed to mean. I was using LHARC 1.13c and had no problems extracting files from an SFX. The current LHARC is called ICE and I extract files several times a week from SFX files. -- Larry Snyder, Northern Star Communications, Notre Dame, IN USA uucp: larry@nstar -or- ...!iuvax!ndmath!nstar!larry
ron@woan.austin.ibm.com (Ronald S. Woan) (01/09/90)
In article <511131@nstar.UUCP>, larry@nstar.UUCP (Larry Snyder) writes: |>The current LHARC is called ICE and I extract files several times a week |>from SFX files. Isn't ICE just a version that someone modified the source to use the extension ICE? I remember in BBS world there was a lot of commotion when ICE first started showing up that it may contain a Trojan Horse or something, but someone disassembled it and found that only the extension had been changed (the README file as well). Anyway, can someone on Compuserve tell us what the latest LHARC (PC Magazine's best of the year winner) is. Personally, I only use it for self-extracting archives because of its low overhead; I'd use it for general use except for its lack of exceptance in the BBS world. Ron +-----All Views Expressed Are My Own And Are Not Necessarily Shared By------+ +------------------------------My Employer----------------------------------+ + Ronald S. Woan (IBM VNET)WOAN AT AUSTIN, (AUSTIN)ron@woan.austin.ibm.com + + outside of IBM @cs.utexas.edu:ibmchs!auschs!woan.austin.ibm.com!ron +
roy@comcon.UUCP (Roy M. Silvernail) (01/10/90)
In article <1368@unocss..unl.edu>, ho@fergvax.unl.edu (Tiny Bubbles...) writes: > Hmmm... so far, I have been unsuccessful in getting LHARC v1.13 to read its > SFX'es ... it just keeps saying "no file," and I have no idea what that's > supposed to mean. Use 'lharc l filename.ext'... so if the SFX is wham.com, use 'lharc l wham.com' The '!' file in a sfx (if any) is called a telop file, and is displayed before a sfx is extracted. The real danger seems to be in imbedding ANSI sequences in a telop. LHarc 1.13 has a switch for the sfx's that prevents the AUTOLARC.BAT from being executed unless you tell it to, but the telop is merely extracted to the screen. I use ANSI.COM as my screen driver, and size the redefinition buffer to 0, so I need not worry about ANSI trickery. > I'm just waiting for someone to upload an uncompressed virial file and claim > it was an SFX. That would be trivial... need only to mimic the usual display accompanying a sfx disolving. (not nice... but trivial) -- _R_o_y _M_. _S_i_l_v_e_r_n_a_i_l | UUCP: uunet!comcon!roy | "Every race must arrive at this #include <opinions.h>;#define opinions MINE | point in its history" SnailMail: P.O. Box 210856, Anchorage, | ........Mr. Slippery Alaska, 99521-0856, U.S.A., Earth, etc. | <Ono-Sendai: the right choice!>
roy@comcon.UUCP (Roy M. Silvernail) (01/10/90)
In article <511131@nstar.UUCP>, larry@nstar.UUCP (Larry Snyder) writes: > The current LHARC is called ICE and I extract files several times a week > from SFX files. According to information I found on SIMTEL, the ICE 'version' of LHarc is an unauthorized hack. Supposedly, the only thing changed in the file is the file extension, but Yoshi didn't release it and I wouldn't trust it. Look for a file called LHWARN in the MSDOS.ARC directory of SIMTEL, I think. -- _R_o_y _M_. _S_i_l_v_e_r_n_a_i_l | UUCP: uunet!comcon!roy | "Every race must arrive at this #include <opinions.h>;#define opinions MINE | point in its history" SnailMail: P.O. Box 210856, Anchorage, | ........Mr. Slippery Alaska, 99521-0856, U.S.A., Earth, etc. | <Ono-Sendai: the right choice!>