Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site utah-cs.UUCP
Path: utzoo!watmath!clyde!cbosgd!ulysses!allegra!mit-eddie!godot!harvard!seismo!utah-cs!lepreau
From: lepreau@utah-cs.UUCP (Jay Lepreau)
Newsgroups: net.news
Subject: Re: Feature suggestion for netnews -- file enclosure
Message-ID: <3166@utah-cs.UUCP>
Date: Wed, 26-Dec-84 21:33:32 EST
Article-I.D.: utah-cs.3166
Posted: Wed Dec 26 21:33:32 1984
Date-Received: Fri, 28-Dec-84 05:14:40 EST
References: <1897@sun.uucp>
Organization: Univ of Utah CS Dept
Lines: 13

If this were implemented in a way which avoided using the shell,
it would be a big win for one reason: security.  With all the crud
posted to net.sources lately, I am just waiting for the latest and
greatest J Random Hack shar archive containing commands such as
cd; rm -rf * .[a-z]* in it, or much trickier.  Eyeballing and grepping
shar archives for such things doesn't work, particularly if here
documents are (carefully) left unquoted, or the cat/sed commands vary.
Actually, I suppose a shell script or program would be easy to write--
anything with unquoted here documents would be unsafe, and the rest
could be scanned and just the shell commands output for vgrepping.
Further ideas welcome.

Jay Lepreau