Xref: utzoo news.admin:4207 news.sysadmin:1865 comp.mail.uucp:2480
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!ukma!rutgers!deimos!cseg!dws
From: dws@cseg.uucp (David W. Summers)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Summary: Please tell me what is wrong with this?
Keywords: maps unpacking unshar security hole
Message-ID: <1381@cseg.uucp>
Date: 8 Dec 88 01:24:39 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <157@ecicrl.UUCP>
Organization: College of Engineering, University of Arkansas, Fayetteville
Lines: 55

In article <157@ecicrl.UUCP>, clewis@ecicrl.UUCP (Chris Lewis) writes:
> [ deleted ]
> Getting back for a moment to map unpacking - I think that the point has
> been well made about automatic map unpacking being unsafe unless you use
> uuhosts or something similar. It was rather funny seeing the "but I'm
> safe because I use unshar" remarks, and then later those same people finding
> out that their unshar is *probably* (you get that? "probably" - there are
> literally hundreds of versions of unshar out there - don't flame me if
> you happen to have one of the one or two that doesn't use /bin/sh) extremely
> unsafe.
>
> I still think it would be a really good idea to come up with a new
> format for map postings, so that we don't have to go through this fuss
> about security holes over and over again as new SA's come online and
> use the easy way out. As expressed by Scot Wilcoxon (datapg!sewilco) [...]

That is a good idea, but what is wrong with this?

================================================================================
#! /bin/sh
#This program un-archives the map info and stores it in the map directory.

cd /usr2/netnews/maps
sed -e '1,/^echo/d' -e '/^SHAR_EOF/,$d' | (
    read CAT IN TERMINATOR OUT FILENAME
    if [ "$CAT" != cat -o "$IN" != '<<' -o "$TERMINATOR" != \'SHAR_EOF\' -o "$OUT" != '>' ]
    then
        echo "$0: bad shar format."
        echo "First line after echo is:"
        echo "$CAT $IN $TERMINATOR $OUT $FILENAME"
        echo Map file ignored.
        exit
    else
        cat >./`basename $FILENAME`
    fi
)
================================================================================

The program doesn't use 'sh', and no one can force the file into another
directory because of the 'basename' command as it is put into the maps
directory.

Can anyone find something wrong with this so I can improve it even more?

Thanks to whoever provided much of this script.... I was using 'sed' and 'sh'
until your script came along and I decided to protect myself as much as is
reasonable.

The main thing that I can see wrong is that someone could still corrupt the
map up-stream of my site, but since I'm only 2-3 sites away from 'rutgers' I
don't consider this too much of a problem.

Any comments or suggestions appreciated.

   - David Summers
     (dws@cseg.uucp)  (..!ksuvax1!harry!hcx!cseg!dws)
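
An added example, not part of the original post or thread: a variant of the
posted script that rejects an unexpected file name outright instead of
repairing it with basename, and refuses headers with trailing words. The
function name unpack_map, the temporary file names and the file-name
allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post): unpack one shar-wrapped map article
# read from stdin into DESTDIR without passing any of it to a shell.
# The file-name allowlist is an assumption about what map names look like.

unpack_map() {
    dest=$1
    [ -d "$dest" ] || { echo "unpack_map: $dest is not a directory" >&2; return 1; }
    tmp=$dest/.unpack.$$        # leading dot: can never equal an accepted name

    # Same trimming as the posted script: drop through the first "echo"
    # line, and drop everything from the SHAR_EOF terminator onward.
    sed -e '1,/^echo/d' -e '/^SHAR_EOF/,$d' > "$tmp" || { rm -f "$tmp"; return 1; }

    # The first remaining line must be exactly: cat << 'SHAR_EOF' > NAME
    # -r keeps backslashes literal; "extra" catches trailing words.
    read -r w_cat w_in w_term w_out name extra < "$tmp" || :
    if [ "$w_cat" != cat ] || [ "$w_in" != '<<' ] ||
       [ "$w_term" != "'SHAR_EOF'" ] || [ "$w_out" != '>' ] ||
       [ -n "$extra" ]; then
        echo "unpack_map: bad shar header, article ignored" >&2
        rm -f "$tmp"; return 1
    fi

    # Reject any name that is empty, starts with "." or "-", or contains a
    # character outside the allowlist (no "/", whitespace or metacharacters).
    case $name in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "unpack_map: refusing file name: $name" >&2
            rm -f "$tmp"; return 1 ;;
    esac
    # Never replace a directory (mv would move the temp file into it).
    [ ! -d "$dest/$name" ] || { rm -f "$tmp"; return 1; }

    # Write the body next to the target, then rename it into place so a
    # reader of the map directory never sees a half-written file.
    sed 1d "$tmp" > "$tmp.body" && mv "$tmp.body" "$dest/$name"
    status=$?
    rm -f "$tmp" "$tmp.body"
    return $status
}
```

Called as "unpack_map /usr2/netnews/maps < article", it returns non-zero and
writes nothing when the article is rejected.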