Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!ames!amdahl!nsc!taux01!taux02!amos From: amos@taux02.UUCP (Amos Shapir) Newsgroups: news.admin Subject: Re: The dangers of shell archives Summary: Nowhere to hide Message-ID: <324@taux02.UUCP> Date: 30 Nov 88 13:25:28 GMT References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <1988Nov27.162018.22115@ateng.ateng.com> <1241@papaya.bbn.com> Organization: National Semiconductor (IC) Ltd, Israel Home of the 32532 Lines: 10 Hdate: 21 Kislev 5749 As long as an unshar program creates file whose names are determined by external input, nobody's safe; it doesn't have to be sh to cause harm. If /bin/sh and /etc/passwd are protected, how about $HOME/.profile (~/.login for csh users)? -- Amos Shapir amos@nsc.com National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel Tel. +972 52 522261 TWX: 33691, fax: +972-52-558322 34 48 E / 32 10 N (My other cpu is a NS32532)