Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!elroy.jpl.nasa.gov!aero!faigin
From: faigin@aerospace.aero.org (Daniel P. Faigin)
Newsgroups: alt.sources.d
Subject: Re: shars and security concerns.
Message-ID:
Date: 2 May 90 19:08:34 GMT
References: <662@n4hgf.uucp> <1152@chinacat.Unicom.COM> <518@cpsolv.CPS.COM> <1203@chinacat.Unicom.COM> <15441@bfmny0.UU.NET>
Sender: news@aerospace.aero.org
Organization: The Aerospace Corporation, Computer Security Department, El Segundo CA
Lines: 38
In-reply-to: tneff@bfmny0.UU.NET's message of 2 May 90 06:46:17 GMT

In article <15441@bfmny0.UU.NET> tneff@bfmny0.UU.NET (Tom Neff) writes:
> In article peter@ficc.uu.net (Peter da Silva) writes:
> >I still fail to understand the security concerns of shars, apart from the
> >single case of comp.mail.maps.
> It's not *just* security, although that's part of it. It's also
> reliability, portability and overall safety (not just protection against
> malice). Shell archives should not do strange crap. They should do the
> absolute minimum necessary to create a fileset on minimally POSIX-ish
> systems, while LOOKING uniform in structure so that non-Bourne extractor
> programs can understand them.
> I would allow only six basic operations: create file, create directory, mark
> executable, verify integrity, echo to user and abort.

There are still major security concerns about this. Suppose you had an unshar
program that only allowed cat and chmod. That's it. You still have risks...

1. The program could create arbitrary setuid programs. If you run as root,
   you've just opened the door wide.

2. The program could trash arbitrary files, either by writing garbage over
   them or to the end, or by nullifying the contents of the file.

3. The program could cripple the system, by removing access to files that
   need to be accessible to all users.

4. The program could copy arbitrary files in your directory somewhere else,
   and then make these files readable by everyone. Classic trojan horse.

Shars are dangerous, and unshar programs don't get around the problem.

Daniel.
-- 
[W]:The Aerospace Corp M1/055 * POB 92957 * LA, CA 90009-2957 * 213/336-8228
[H]:9758 Natick Avenue * Sepulveda CA 91343 * 818/892-8555 | If you turn it
[Em]:faigin@aerospace.aero.org * Faigin@dockmaster.ncsc.mil | over and don't
[Vmail]:213/336-5454 Box#3149 | let it go, you end up upside down
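
The four risks listed in the post above can be looked for before anything is extracted. The following is an added example, not part of the original article: a static check that reads a shar limited to `cat` and `chmod` without executing it and reports the lines a reviewer should read first. The function names, finding labels and sample archive are constructed for illustration.

```python
import posixpath
import re
# Constructed sample input: a shar restricted to `cat` and `chmod`.
SAMPLE = """\
cat > README << 'SHAR_EOF'
chmod 4755 this-line-is-file-data
SHAR_EOF
cat .netrc >> /tmp/x
chmod 4755 tool
chmod 000 /bin/sh
"""
REDIR = re.compile(r"(>>?)\s*([^\s<>]+)")               # > file, >> file
HEREDOC = re.compile(r"<<-?\s*\\?['\"]?(\w+)['\"]?")    # << 'EOF'

def escapes(path):
    """True if path is absolute or climbs out of the extraction directory."""
    norm = posixpath.normpath(path.strip("'\""))
    return posixpath.isabs(norm) or norm == ".." or norm.startswith("../")

def sets_id_bit(mode):
    """True if a chmod mode (octal or symbolic) sets setuid or setgid."""
    if re.fullmatch(r"[0-7]+", mode):
        return bool(int(mode, 8) & 0o6000)
    return re.search(r"[+=][rwxXst]*s", mode) is not None

def audit(shar_text):
    """Return (line_no, finding) pairs; the archive is never executed."""
    findings, end = [], None
    for no, line in enumerate(shar_text.splitlines(), 1):
        if end is not None:                 # inside a here-document body
            end = None if line.strip() == end else end
            continue
        end = (HEREDOC.findall(line) or [None])[0]
        for op, target in REDIR.findall(line):
            if op == ">>":
                findings.append((no, "appends-to-file"))
            if escapes(target):
                findings.append((no, "writes-outside-dir"))
        words = REDIR.sub(" ", HEREDOC.sub(" ", line)).split()
        if words[:1] == ["cat"] and len(words) > 1:
            findings.append((no, "copies-existing-file"))
        elif words[:1] == ["chmod"] and len(words) > 2:
            if sets_id_bit(words[1]):
                findings.append((no, "setuid-or-setgid"))
            if any(escapes(t) for t in words[2:]):
                findings.append((no, "chmod-outside-dir"))
        elif words and words[0] != "cat":
            findings.append((no, "unexpected-command"))
    return findings
```

An empty result only means none of these patterns were seen; extracting as an unprivileged user in an empty directory still limits what the archive can touch.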