[news.admin] The dangers of shell archives

rsalz@bbn.com (Rich Salz) (11/30/88)

1>Er, yes.  Rich Salz's "cshar" package includes a "safe" unshar program in C.

2>Hmm.  Please point me at this.  I looked through the cshar package [...]
2>The shell program runs commands, but is by no means secure (see man page).
2>Which one, then, is secure?

1>I erred.  Rich's shell isn't secure.
1>On the other hand, it wouldn't take much to make it safe -- such as, put a
1>halt to all shell scripts that make references to absolute pathnames.

The shell interpreter that comes with my "cshar" package is definitely
not secure.  It'd be hard to do something that's VERY safe, but I am
putting in checks for things like overwriting existing files, creating
very long files, making too many files or directories, etc.

If you've got some special checks you'd like to see done, let me know.  My
only concern is that people end up trusting the interpreter and someone
will write a shar that still manages to hurt your system.

I don't know when I'll get around to putting out the new release.
	/rich $alz
-- 
Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.

amos@taux02.UUCP (Amos Shapir) (11/30/88)

As long as an unshar program creates files whose names are determined by
external input, nobody's safe; it doesn't have to be sh to cause harm.  If
/bin/sh and /etc/passwd are protected, how about $HOME/.profile (~/.login for
csh users)?

-- 
	Amos Shapir				amos@nsc.com
National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522261  TWX: 33691, fax: +972-52-558322
34 48 E / 32 10 N			(My other cpu is a NS32532)
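
An added example, not part of the thread and not code from cshar: a C sketch of the name and size checks discussed above (absolute pathnames, overwriting existing files, too many or too large files), extended to refuse the dotfiles raised in the last post. The names `vet_member` and `struct budget` and both limits are hypothetical, and the sketch assumes extraction into a fresh, empty directory.

```c
#define _POSIX_C_SOURCE 200809L   /* for lstat */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_FILES 200          /* constructed limits, not from cshar */
#define MAX_BYTES (1L << 20)   /* total bytes one archive may write */

enum verdict { OK, BAD_NAME, ABSOLUTE, DOTDOT, DOTFILE, EXISTS, TOO_MANY, TOO_BIG };
struct budget { int files; long bytes; };

/* Vet one archive-supplied output name before anything is created.
 * size is the byte count the extractor is about to write for it. */
enum verdict vet_member(struct budget *b, const char *name, long size)
{
    struct stat st;
    const char *p = name;
    if (name[0] == '\0' || strlen(name) > 255)
        return BAD_NAME;
    if (name[0] == '/')
        return ABSOLUTE;
    while (*p) {                         /* walk each path component */
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return DOTDOT;               /* would climb out of the directory */
        if (n >= 2 && p[0] == '.')
            return DOTFILE;              /* .profile, .login and friends */
        p += n + strspn(p + n, "/");     /* skip the component and its slashes */
    }
    /* lstat, not stat: a dangling symlink also counts as "already there".
     * The later create must still use open(O_CREAT|O_EXCL) to close the race. */
    if (lstat(name, &st) == 0)
        return EXISTS;
    if (b->files >= MAX_FILES)
        return TOO_MANY;
    if (size < 0 || size > MAX_BYTES - b->bytes)
        return TOO_BIG;
    b->files++;
    b->bytes += size;
    return OK;
}

int main(void)
{
    /* Constructed member names, as an archive might claim them. */
    const char *names[] = { "src/shar.c", "/etc/passwd", "../.profile", ".login", "." };
    struct budget b = { 0, 0 };
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-14s -> %d\n", names[i], vet_member(&b, names[i], 4096));
}
```

These checks cover only where and how much an archive writes; they do nothing about commands the archive asks the interpreter to run.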