Xref: utzoo news.admin:4135 news.sysadmin:1760 comp.mail.uucp:2418
Path: utzoo!utgpu!watmath!clyde!att!rutgers!mailrus!uflorida!novavax!proxftl!twwells!bill
From: bill@twwells.uucp (T. William Wells)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Message-ID: <228@twwells.uucp>
Date: 1 Dec 88 04:49:32 GMT
References: <1971@van-bc.UUCP> <572@comdesign.CDI.COM> <5517@medusa.cs.purdue.edu> <561@redsox.UUCP> <215@twwells.uucp> <155@ecicrl.UUCP>
Reply-To: bill@twwells.UUCP (T. William Wells)
Organization: None, Ft. Lauderdale
Lines: 28

In article <155@ecicrl.UUCP> clewis@ecicrl.UUCP (Chris Lewis) writes:
: In article <215@twwells.uucp> bill@twwells.UUCP (T. William Wells) writes:
: >In article <561@redsox.UUCP> campbell@redsox.UUCP (Larry Campbell) writes:
: >: What's all this about writing gobs of code to decipher some new shar format?
: >: Why not just chroot(2) to a safe place before feeding the article to sh?
: >
: >Because you have to be superuser to chroot. I'm not about to have
: >chroot(1) be setuid root, so that means writing a special setuid root
: >program that just chroots so I can then unshar my mail maps.  And that
: >means having One More setuid root program running around on my system.
: >No thanks.
:
: Let me get this straight - you're so afraid of setuid programs that
: you won't even write your own 4 line C program to chroot and unpack your
: maps.

Setuid root programs are potential Trojan Horses. That means that
reasonable security means keeping a beady eye on each one.  I'd
rather not have such, if there is a better way.

:        I take it then that you don't unpack maps.  Right?

Wrong. As soon as I was notified of my stupidity in using the shell
to unpack the maps, I wrote a map unpacker.  It now does the work.

---
Bill
{uunet|novavax}!proxftl!twwells!bill