Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!batcomputer!itsgw!steinmetz!uunet!ateng!chip From: chip@ateng.ateng.com (Chip Salzenberg) Newsgroups: news.admin Subject: Re: Dangerous hole in Usenet! Message-ID: <1988Nov27.162018.22115@ateng.ateng.com> Date: 27 Nov 88 21:20:18 GMT References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> Organization: A T Engineering, Tampa, FL Lines: 16 According to nagel@paris.ics.uci.edu (Mark Nagel): >According to chip@ateng (Chip Salzenberg): >>Er, yes. Rich Salz's "cshar" package includes a "safe" unshar program in C. > >Hmm. Please point me at this. I looked through the cshar package [...] >The shell program runs commands, but is by no mean secure (see man page). >Which one, then, is secure? I erred. Rich's shell isn't secure. On the other hand, it wouldn't take much to make it safe -- such as, put a halt to all shell scripts that make references to absolute pathnames. -- Chip Salzenbergor A T Engineering Me? Speak for my company? Surely you jest! Beware of programmers carrying screwdrivers.