Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!columbia!garfield!dupuy From: dupuy@garfield.columbia.edu (Alex Dupuy) Newsgroups: net.news.adm,net.news.sa,net.sources.d,net.wanted.sources Subject: Re: Beware of Blindly Un-SHARing a File Message-ID: <1439@garfield.columbia.edu> Date: Thu, 10-Apr-86 04:28:29 EST Article-I.D.: garfield.1439 Posted: Thu Apr 10 04:28:29 1986 Date-Received: Sat, 12-Apr-86 22:15:49 EST References: <947@kitty.UUCP> <2407@prls.UUCP> Reply-To: dupuy@columbia.UUCP (Alex Dupuy) Organization: Columbia University CS Department Lines: 58 Keywords: ``Relink'' April Fool Xref: watmath net.news.adm:585 net.news.sa:262 net.sources.d:100 net.wanted.sources:2141 In article <947@kitty.UUCP> larry@kitty.UUCP (Larry Lippman) writes: > Recently an article <2407@prls.UUCP> purporting to be source for a >program to ``relink'' a deleted (!) file was posted to the net as an April >Fool's joke. > . > . > . > The not-so-funny part was that the poster of the article didn't stop >at the above, but decided to play some file manipulation games. While the >shar source would not destroy anything, this was a nasty thing to do, and the >poster showed decided lack of good taste. > There is a valuable lesson to be learned here: NEVER, EVER blindly >unshar ANYTHING unknown! After all, the shar source COULD have contained >something like ``rm -fr''. That would not at all be funny. The recent >discussions here concerning article forgery certainly illustrate how such >a shar Trojan Horse could be planted "anonymously". The implications of this are pretty scary; I'm sure that there are systems out there where superusers (!) unshar files (I was guilty of this a few times). Even more frightening than nasty pranks like rearranging directories is the possibility of viruses. Unix, as a more or less standard system which runs on a wide range of computers, is especially vulnerable to viruses. The same laws which govern the behavior of viruses in the biological world apply here: it is difficult for a virus to replicate in a wide variety of hosts, but most Unix systems share a great number of characteristics and features, with only two major population subgroups; bsd and sysv. The emphasis on telephone networking in Unix, due largely to its origin at Bell Labs, also works against it, encouraging communication on an largely insecure medium. So what can be done? One important step was the creation of a moderated sources group. While I would never install a suid root program I got from net.sources unless I was familiar with the author by reputation, I would probably trust John P. Nelson's judgement on the "sterility" of a program in mod.sources. But even non-suid programs may eventually be run by root. This, more than the decreasing S/N ratio of net.sources, is a powerful argument for the total elimination (flame me, make my day :~) of net.sources. Another thing which can be done in the short term is to unshar programs with something other than sh. Last year someone posted an "unshar" program which automatically stripped headers and signatures, and would optionally save them in a file or unshar everything in another directory. Alas, I misplaced the sources (I only have Vax binaries). So maybe the person who posted that would send it to me, and I will add security features and repost it. I have some ideas on making it secure, including running suid to some innocuous user, limiting the programs which will be exec'd to cat, sed, wc, chmod, or uudecode, and always running in an empty subdirectory. If anyone has other ideas, I'd be glad to hear them. The threat of viruses is often overdramatized and exaggerated; I certainly don't want to suggest that the only reasonable action is to shut down netnews and switch to some "safe" OS like VMS, but the danger *does* exist, and I am willing to bet a free swine flu shot (:-) that the first widespread outbreak of a computer virus (if it ever happens) is on Unix systems of some variety. @alex (dupuy@columbia.edu, seismo!columbia!dupuy)