Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!tut.cis.ohio-state.edu!pt.cs.cmu.edu!andrew.cmu.edu!jm36+
From: jm36+@andrew.cmu.edu (John Gardiner Myers)
Newsgroups: comp.sources.d
Subject: Re: An idea for safer and portable unshar-ing
Message-ID: <8Z_gmVW00WB_ADCUZN@andrew.cmu.edu>
Date: 5 Oct 89 03:38:09 GMT
References: <1989Sep30.171114.12550@chance.UUCP> <8910020054.AA08811@cscwam.UMD.EDU> <2270@munnari.oz.au>, <923@cirrusl.UUCP>,
	<8910050308.AA04401@umbc3.umbc.edu>
Organization: Mathematics, Carnegie Mellon, Pittsburgh, PA
Lines: 26
In-Reply-To: <8910050308.AA04401@umbc3.umbc.edu>

tron!moran@umbc3 (Harvey R Moran) writes:
>    You have a decent idea, but your implementation leaves something to
> be desired. [...]
>    Your program assumes a working sh to prime it.  It also does a
> compile, one of the things which would raise my paranoia level.  Worse
> yet, it deletes the thing that was compiled so I "can't" see what was
> done.

You miss the point.  Anyone with half an interest in security would
use the "unmar" program which I would have published in
comp.sources.unix.  This program would ignore everything before the
first "BEGIN", could only create files and directories, would not
allow absolute pathnames and "..", would handle the "Part M of N"
foolishness, etc.  I believe the version I have is portable to
non-unix systems, but I haven't actually gone through the trouble of
beta-testing it.

The short C program in the archive is only for people who don't want
to hunt down the "unmar" program.  In that case, the format is no less
secure than the shar format.  People on systems where the compiler is
not invokable as "cc" can simply cut out the small program, compile
it themselves, and feed it the archive.

-- 
_.John G. Myers		Internet: John.G.Myers@andrew.cmu.edu
(412) 268-2984		LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up