Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site imagen.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!gamma!epsilon!zeta!sabre!petrus!bellcore!decvax!decwrl!sun!saber!imagen!geof
From: geof@imagen.UUCP (Geoffrey Cooper)
Newsgroups: net.news.adm,net.news.sa,net.sources.d,net.wanted.sources
Subject: Re: Beware of Blindly Un-SHARing a File
Message-ID: <340@imagen.UUCP>
Date: Mon, 14-Apr-86 17:41:57 EST
Article-I.D.: imagen.340
Posted: Mon Apr 14 17:41:57 1986
Date-Received: Wed, 16-Apr-86 04:21:14 EST
References: <947@kitty.UUCP> <2407@prls.UUCP> <1439@garfield.columbia.edu>
Organization: IMAGEN Corporation, Santa Clara, CA 95052-8101
Lines: 18
Xref: watmath net.news.adm:590 net.news.sa:267 net.sources.d:110 net.wanted.sources:2163

Most shar files use the hack of having sed put a 'X' at the beginning of
every line in the files to be extracted.  This makes it impossible for
the "termination string" to appear in the file and screw things up.

This kind of shar file is easy to check for trojan horses.  Just run:

	grep '^[^X#]' file.shar

and grep will print out all the lines of the shar file that are actually
executed as commands by the shell.  Then you can scan the (usually short)
list and immediately see that:

	reasonable commands are being used (sed, echo, cat).
	i/o redirection is to files only within the current directory.

in which case, things are probably ok.

If the file doesn't use the 'X' convention, you'll find out as your screen
fills up with the entire contents of the archive.

- Geof Cooper
  Imagen
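
Added example, not part of the original post: the shell function below automates the two checks the post lists, run over the output of grep '^[^X#]'. The allowlist (sed, echo, cat from the post, plus exit), the function names shar_audit and sample_shar, and the sample archive are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: allowlist of commands a plain shar needs (post names sed, echo, cat).
SHAR_OK_CMDS="${SHAR_OK_CMDS:-sed echo cat exit}"

# shar_audit FILE: print "lineno:reason:text" for every executed line that
# needs a human look. Returns 0 if nothing was flagged, 1 otherwise.
shar_audit() {
    grep -n '^[^X#]' "$1" | awk -v ok="$SHAR_OK_CMDS" '
    function flag(why) { print num ":" why ":" cmd; bad = 1 }
    BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
    {
        num = $0; sub(/:.*/, "", num)                   # line number from grep -n
        cmd = $0; sub(/^[0-9]+:[ \t]*/, "", cmd)        # the line the shell runs
        if (eof != "" && cmd == eof) { eof = ""; next } # here-document terminator
        if (match(cmd, /<<-?[ \t]*[^ \t<>]+/)) {        # remember the terminator word
            eof = substr(cmd, RSTART, RLENGTH)
            sub(/^<<-?[ \t]*/, "", eof); gsub(/[\047"\\]/, "", eof)
        }
        first = cmd; sub(/[ \t].*/, "", first)
        if (!(first in allowed)) flag("command not in allowlist")
        # Over-flags on purpose: anything that can chain or substitute commands.
        if (cmd ~ /[;|&`]/ || index(cmd, "$(")) flag("chained or substituted command")
        rest = cmd
        while (match(rest, />+[ \t]*[^ \t<>]+/)) {      # each output redirection
            tgt = substr(rest, RSTART, RLENGTH)
            sub(/^>+[ \t]*/, "", tgt); gsub(/[\047"]/, "", tgt)
            c = substr(tgt, 1, 1)
            if (c == "/" || c == "~" || index(tgt, "..") || index(tgt, "$"))
                flag("redirection leaves current directory")
            rest = substr(rest, RSTART + RLENGTH)
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample archive using the X convention, for trying the function:
#   sample_shar > sample.shar && shar_audit sample.shar
sample_shar() { cat <<'END_SAMPLE'
#!/bin/sh
echo x - hello.c
sed 's/^X//' > hello.c << 'SHAR_EOF'
X#include <stdio.h>
Xmain() { printf("hi\n"); }
SHAR_EOF
exit 0
END_SAMPLE
}
```

Run shar_audit file.shar before unpacking; every printed line is one to read by hand, and an archive that does not use the 'X' convention will have most of its contents flagged.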