Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/5/84; site randvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!bellcore!decvax!hplabs!sdcrdcf!randvax!guyton
From: guyton@randvax.UUCP (Jim Guyton)
Newsgroups: net.news,net.wanted.sources
Subject: Shar format found dangerous
Message-ID: <214@randvax.UUCP>
Date: Sun, 13-Apr-86 19:00:13 EST
Article-I.D.: randvax.214
Posted: Sun Apr 13 19:00:13 1986
Date-Received: Wed, 16-Apr-86 04:08:19 EST
Distribution: net
Organization: Rand Corp., Santa Monica
Lines: 31
Xref: watmath net.news:4754 net.wanted.sources:2161

I see someone has finally posted a trojan horse shar file
to net.sources (the "relink" program).

I'd been worried about "shar" format for a long time; running
random shell scripts is the next best thing to running random
binaries.  I'm glad the first widely posted bogus shar file
was just an april fool's joke.  It could have included a few
"rm -rf /" in there ... I wonder how many people would have
run it while root and found that the hard way?


 Needed:  a better (safer) method of source distribution.
 --------------------------------------------------------

We've got shar, tar, cpio, and ar.  None of which is very good for this
kind of thing.  How about a new format that can be parsed easily by
a "trusted" program so I can extract new source distributions as root
without getting the least be nervous?  All you need is ...

    o   some file format that is trivial to parse.

    o   the trusted program being short enough to be fairly foolproof.
	It could simply open the input file, make a new subdir, and
	"chroot" to it to protect the rest of the system from absolute
	pathnames in the distribution or crazy dot-dot paths.


Anyone else interested in killing off shar, or am I the only
paranoid person on the net?

-- Jim Guyton