Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site utah-cs.UUCP Path: utzoo!watmath!clyde!cbosgd!ulysses!allegra!mit-eddie!godot!harvard!seismo!utah-cs!lepreau From: lepreau@utah-cs.UUCP (Jay Lepreau) Newsgroups: net.news Subject: Re: Feature suggestion for netnews -- file enclosure Message-ID: <3166@utah-cs.UUCP> Date: Wed, 26-Dec-84 21:33:32 EST Article-I.D.: utah-cs.3166 Posted: Wed Dec 26 21:33:32 1984 Date-Received: Fri, 28-Dec-84 05:14:40 EST References: <1897@sun.uucp> Organization: Univ of Utah CS Dept Lines: 13 If this were implemented in a way which avoided using the shell, it would be a big win for one reason: security. With all the crud posted to net.sources lately, I am just waiting for the latest and greatest J Random Hack shar archive containing commands such as cd; rm -rf * .[a-z]* in it, or much trickier. Eyeballing and grepping shar archives for such things doesn't work, particularly if here documents are (carefully) left unquoted, or the cat/sed commands vary. Actually, I suppose a shell script or program would be easy to write-- anything with unquoted here documents would be unsafe, and the rest could be scanned and just the shell commands output for vgrepping. Further ideas welcome. Jay Lepreau