Path: utzoo!attcan!telly!eci386!jmm
From: jmm@eci386.uucp (John Macdonald)
Newsgroups: comp.sources.d
Subject: Re: An idea for safer and portable unshar-ing
Message-ID: <1989Oct6.145110.6894@eci386.uucp>
Date: 6 Oct 89 14:51:10 GMT
References: <1989Sep30.171114.12550@chance.UUCP> <8910020054.AA08811@cscwam.UMD.EDU> <2270@munnari.oz.au> <1989Oct3.225620.17825@chance.UUCP>
Reply-To: jmm@eci386.UUCP (John Macdonald)
Organization: R. H. Lathwell Associates: Elegant Communications, Inc.
Lines: 25

In article <1989Oct3.225620.17825@chance.UUCP> john@chance.UUCP (John R. MacMillan) writes:
>That's why I suggested what I did; it still works for everyone who's
>happy with shar format, and it makes it easier on people without
>/bin/sh or who don't trust running /bin/sh on someone else's shars.
>(I'm neither, by the way).

I'm also neither - if I'm going to compile and run somebody else's C
program, the danger in also running their shar program to unpack it
seems minimal. The same nasty trojan effects can be put in either
place by a dastardly villain, so closing the "sh" door does not do
much to improve safety.

Of course, I'm sufficiently rarely able to spend enough time on net
activities to both get a new set of source from the net and unpack it
and try to run it all in the same session. Thus, I have the benefit
of expecting that by the time I *do* get around to trying something
out the lack of flames on the net implies a lack of trojans in the
source.

(Thank you to the brave pioneers who offer their file systems up in
sacrifice to the Trojan demons. May your offerings never be accepted.)
-- 
"Software and cathedrals are much the same -       | John Macdonald
first we build them, then we pray" (Sam Redwine)   | jmm@eci386