Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbosgd!ulysses!allegra!mit-eddie!think!harvard!cmcl2!seismo!rochester!bullwinkle!uw-beaver!tikal!sigma!bill
From: bill@sigma.UUCP (William Swan)
Newsgroups: net.news,net.wanted.sources
Subject: Re: Shar format found dangerous
Message-ID: <700@sigma.UUCP>
Date: Mon, 21-Apr-86 11:30:18 EST
Article-I.D.: sigma.700
Posted: Mon Apr 21 11:30:18 1986
Date-Received: Fri, 25-Apr-86 05:03:46 EST
References: <214@randvax.UUCP>
Reply-To: bill@sigma.UUCP (William Swan)
Distribution: net
Lines: 22
Keywords: unshar.c?
Xref: watmath net.news:4763 net.wanted.sources:2227
Summary: The danger is in using "sh", _not_ in shar format.

In article <214@randvax.UUCP> guyton@randvax.UUCP (Jim Guyton) writes:
>[...] I'd been worried about "shar" format for a long time; running
>random shell scripts is the next best thing to running random binaries.[...]
>How about a new format that can be parsed easily by a "trusted" program [...]?
>All you need is ...
>    o some file format that is trivial to parse.
>    o the trusted program being short enough to be fairly foolproof.[...]
>Anyone else interested in killing off shar, or am I the only
>paranoid person on the net?

PLEASE DON'T KILL OFF SHAR!! It has been used so often, it is almost a
de facto standard for distribution. Creating a new file format will only
create a lot of confusion. Besides, the format of "shar" files is quite
adequate and probably not too difficult to parse.

INSTEAD... Why not write "unshar.c", which would complement the "standard"
(is there one?) "shar.c". It would execute _only_ those commands, no more,
no less. Surely not too difficult, hmm?