Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!decvax!decwrl!sun!hoptoad!gnu
From: gnu@hoptoad.UUCP
Newsgroups: net.news.adm,net.sources.d
Subject: Re: Beware of Blindly Un-SHARing a File
Message-ID: <734@hoptoad.uucp>
Date: Wed, 23-Apr-86 07:04:14 EST
Article-I.D.: hoptoad.734
Posted: Wed Apr 23 07:04:14 1986
Date-Received: Thu, 24-Apr-86 07:23:21 EST
References: <947@kitty.UUCP> <2407@prls.UUCP> <1439@garfield.columbia.edu> <243@mrstve.UUCP>
Organization: Nebula Consultants in San Francisco
Lines: 27
Xref: watmath net.news.adm:635 net.sources.d:155

Someone has already announced the intention of cleaning up their current "safe unshar" program and posting it to mod.sources soon.

What I suggest is that this program be made very easy to run from the news reading interfaces, so it WILL be used from the news reading interfaces. E.g., in vnews, an article in a recognized "shar" format would not show the code, but would show the top of the message, a list of filenames in the shell archive, and the Readme [if one exists]. A simple command would save the files in a specified directory, already un-shar-ed.

This has many of the advantages we now enjoy: You can always unpack it with a text editor, or with a Unix shell, but you can also unpack it safely "if you have the decoding program". Since the decoder comes with news, most people will have the decoder and will thus be safe. The rest of the world won't be out in the cold though.

Also, having the news readers recognize one or a few standard shar formats (and display only the relevant info) will help automate the process of receiving software from the net -- it will look like an "attachment" to a text message (like receiving a source tape with a cover letter, and running "tar" on it without having the raw tar file spewed at your screen).

I agree that no program can prevent trojan horses -- you just have to read and understand the code you get. On the other hand, because any door can be broken down is no reason not to lock it.
-- 
John Gilmore  {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu   jgilmore@lll-crg.arpa
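
The decoder idea in the post above, sketched as an added example (not part of the original post, and not the "safe unshar" program it mentions): the archive is parsed as data, members are listed and written without a shell ever running, and any other shell line is only reported. The recognized header forms, the function names and the sample archive are assumptions made for illustration.

```python
import os
import re

# Assumed member header: sed 's/^X//' > name << 'END'   or   cat > name << 'END'
HEADER = re.compile(r"^\s*(?:sed\s+'s/\^(?P<pfx>.)//'|cat)\s*>\s*'?(?P<name>[^'\s]+)'?"
                    r"\s*<<\s*\\?'?(?P<end>\w+)'?\s*$")
# Constructed sample archive: one ordinary member, one path escape, one stray command.
SAMPLE = """\
sed 's/^X//' > Readme << 'SHAR_EOF'
XThis is the Readme.
SHAR_EOF
cat > ../.profile << 'SHAR_EOF'
echo unexpected
SHAR_EOF
touch /tmp/ran-as-you
"""

def parse_shar(text):
    """Return (files, ignored): member bodies by name, and shell lines left unrun."""
    files, ignored = {}, []
    lines = iter(text.splitlines())
    for line in lines:
        m = HEADER.match(line)
        if not m:
            if line.strip() and not line.lstrip().startswith("#"):
                ignored.append(line)  # arbitrary shell: reported, never executed
            continue
        body = []
        for data in lines:  # consume the here-document up to its end marker
            if data == m["end"]:
                break
            body.append(data[1:] if m["pfx"] and data.startswith(m["pfx"]) else data)
        files[m["name"]] = "\n".join(body) + "\n"
    return files, ignored

def is_safe_name(name):
    """Accept only relative paths with no '..' component."""
    return not os.path.isabs(name) and ".." not in name.replace("\\", "/").split("/")

def safe_unpack(text, dest):
    """Write safe members under dest; return (written, rejected, ignored)."""
    files, ignored = parse_shar(text)
    written = [n for n in files if is_safe_name(n)]
    for name in written:
        path = os.path.join(dest, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(files[name])
    return written, [n for n in files if n not in written], ignored
```

A news reader front end would show the keys of `files` and the `Readme` body before the user asks for `safe_unpack`, and would display `ignored` so that anything the archive wanted the shell to do is visible rather than run.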