Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!houxm!whuxl!whuxlm!akgua!gatech!seismo!harvard!bu-cs!bzs
From: bzs@bu-cs.UUCP
Newsgroups: net.news,net.wanted.sources
Subject: Re: Shar format found dangerous
Message-ID: <424@bu-cs.UUCP>
Date: Fri, 18-Apr-86 21:45:30 EST
Article-I.D.: bu-cs.424
Posted: Fri Apr 18 21:45:30 1986
Date-Received: Mon, 21-Apr-86 08:15:09 EST
Organization: Boston Univ Comp. Sci.
Lines: 15
Xref: watmath net.news:4761 net.wanted.sources:2208

A thought on making un-shar'ing safer:

Obviously making a chroot'd account with a private bin, usr/bin and
usr/ucb (if applicable) would make this much, much safer. One could
also carefully limit the commands (is there any good reason for an
unshar to ever do an 'rm'? You could put 'rm' somewhere else for use
within this account.)

Too much trouble? Maybe, everything is a trade-off, but I suspect this
is fairly fool-proof for hacks directly in shar files, obviously no
help if the program thus built has more hacks (although testing it in
that environment would help.)

	-Barry Shein, Boston University
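
Added example, not part of the original post: a sketch of the "private bin without rm" idea using a restricted PATH and an emptied environment. The function names, the allowlist and the sample archive are assumptions made for illustration. It does not perform the chroot, so commands named by absolute path are not blocked.

```shell
#!/bin/sh
# Added example, not from the original post. PATH restriction only: without
# the chroot, a shar can still name /bin/rm by absolute path.

# Assumption: the external tools a plain shar needs. rm is deliberately absent.
ALLOWED="sh cat sed mkdir wc"

# build_private_bin DIR: fill DIR with symlinks to the allowlisted tools only.
build_private_bin() {
    mkdir -p "$1" || return 1
    for cmd in $ALLOWED; do
        real=$(command -v "$cmd") || continue
        case $real in
            /*) ln -sf "$real" "$1/$cmd" ;;   # skip builtins, which have no path
        esac
    done
}

# safe_unshar ARCHIVE WORKDIR: unpack ARCHIVE inside WORKDIR with an empty
# environment whose PATH holds nothing but the private bin.
safe_unshar() {
    mkdir -p "$2" || return 1
    work=$(cd "$2" && pwd) || return 1
    archive=$(cd "$(dirname "$1")" && pwd)/$(basename "$1") || return 1
    build_private_bin "$work/.bin" || return 1
    [ -x "$work/.bin/sh" ] || return 1
    ( cd "$work" && env -i PATH="$work/.bin" "$work/.bin/sh" "$archive" )
}

# write_sample_shar FILE: constructed sample archive that unpacks hello.txt
# and then tries to delete a file outside its working directory.
write_sample_shar() {
    cat > "$1" <<'EOF'
echo 'x - hello.txt'
cat > hello.txt <<'SHAR_EOF'
hello, world
SHAR_EOF
rm -f ../canary
exit 0
EOF
}

if [ "$#" -eq 2 ]; then safe_unshar "$1" "$2"; fi
```

Run on the sample archive, the unpack succeeds while the `rm` line fails with "not found"; shell builtins remain available regardless of PATH.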