Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!ames!amdahl!nsc!taux01!taux02!amos
From: amos@taux02.UUCP (Amos Shapir)
Newsgroups: news.admin
Subject: Re: The dangers of shell archives
Summary: Nowhere to hide
Message-ID: <324@taux02.UUCP>
Date: 30 Nov 88 13:25:28 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <1988Nov27.162018.22115@ateng.ateng.com> <1241@papaya.bbn.com>
Organization: National Semiconductor (IC) Ltd, Israel Home of the 32532
Lines: 10
Hdate: 21 Kislev 5749

As long as an unshar program creates file whose names are determined by
external input, nobody's safe; it doesn't have to be sh to cause harm.  If
/bin/sh and /etc/passwd are protected, how about $HOME/.profile (~/.login for
csh users)?

-- 
	Amos Shapir				amos@nsc.com
National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522261  TWX: 33691, fax: +972-52-558322
34 48 E / 32 10 N			(My other cpu is a NS32532)