Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!ihnp4!qantel!lll-lcc!lll-crg!hoptoad!rdm
From: rdm@hoptoad.uucp (Rich Morin)
Newsgroups: net.sources
Subject: sharks - SHell ARchive checKing Script
Message-ID: <1163@hoptoad.uucp>
Date: Tue, 30-Sep-86 00:04:07 EDT
Article-I.D.: hoptoad.1163
Posted: Tue Sep 30 00:04:07 1986
Date-Received: Wed, 1-Oct-86 02:24:42 EDT
Organization: Canta Forda Computer Laboratory
Lines: 118
Keywords: paranoia shar security trojan horse

:
# sharks - SHell ARchive checK Script		(N.B., Bourne shell)
#
# The "shar" utility is really a neat hack, but it scares me silly
# from a security perspective.  I DON'T LIKE giving my session over
# to someone else's script, despite the fact that I can take a few
# precautions.  Scanning a shar file for gotchas is impractical,
# since it takes too much time, and one can still miss things.
# Besides, there is even a nifty gotcha I saw that causes vi to
# perform commands while reading in a file(!)
#
# So, I wrote this piece of paranoid code to help me scan shar files
# in a reasonably efficient manner.  It throws away all the here
# document text (using a somewhat naive algorithm), then throws away
# command lines it (quite conservatively) thinks are safe.  The rest
# of the text goes to standard output, for storage and/or perusal.
#
# I'm sure it isn't foolproof.  (It doesn't even TRY to look at the
# code that is being unpacked...)  Still, the resulting output is
# short and sweet, and it tells me everything I want to know before
# submitting my session to the file...
#
# Usage:  sharks foo bar ...
#
# Copyright (C) 1986, Richard Morin.  All Rights Reserved.
#
# Use it (at your own risk, of course), but don't sell it.  Also,
# please let me know about any problems and/or improvements you find.
#
# Richard Morin, proprietor		{hoptoad,leadsv,lll-lcc}!cfcl!rdm
# Canta Forda Computer Lab.		+1 415 994 6860
# Post Office Box 1488			Full spectrum consulting services
# Pacifica, CA  94044  USA		for science and engineering.
#
# P.S.  Long live awk, sed, and sh ! ! !

P='[0-9A-Za-z_-][0-9A-Za-z_-]*'		# pattern for sed script

sed 's/	/ /' $* |			# kill off tabs (the pattern is a literal tab)

awk '					# kill off here document text
{	if (hd == 1) {			# here document text
		ss2 = $0		# get test string
		while (substr(ss2,1,1) == " ")
			ss2 = substr(ss2,2)
		if (index(ss2,ss) == 1) {	# end of here text
			hd = 0
			next
		}
	}
	else				# not here document text
		print $0
}
/< 1) ss = substr(ss,1,sse-1) } }
' |

#
# Note that this code is more than a little bit paranoid.  Keep it
# that way...  The code is also rather sprawling, since there seem
# to be about twenty gazillion different versions of shar floating
# about.  Last, if you don't know what it is, don't play with it!!
#
sed '					# kill off shar noise
/^ *\/bin\/echo [^`;|(>]*$/d
/^ *\/bin\/echo [^`;|(>]*; \/bin\/ls [^`;|(>]*$/d
/^ *\/bin\/ls [^`;|(>]*$/d
/^ *echo [^`;|(>]*$/d
/^ *echo [^`;|(>]*([^`;|(>]*)'\'' *$/d
/^ *echo [^`;|(>]*; ls [^`;|(>]*$/d
/^ *echo [^`;|(>]*`wc [^`;|(>]*` *$/d
/^ *else *$/d
/^ *exit *[0-9]* *$/d
/^ *fi *$/d
/^ *fi #[^`;|(>]*$/d
/^ *if \[ [0-9A-Za-z]*\$'$P' = '$P' ]; then *$/d
/^ *if \[ `wc -c < [^`;|(>]*` != '$P' ]; then *$/d
/^ *if test -f '\''[^`;|(>]*'\'' *$/d
/^ *if test '$P' != \$1 *$/d
/^ *if test '$P' -ne "`wc -c [^`;|(>]*`" *$/d
/^ *if test '$P' -ne "`wc -c '\''[^`;|(>]*'\''`" *$/d
/^ *if test '$P' -ne "`wc -c < '\''[^`;|(>]*'\''`" *$/d
/^ *ls [^`;|(>]*$/d
/^ *set `sum [^`;|(>]*` *$/d
/^ *then *$/d
/^ *wc [^`;|(>]* | sed [^`;|(>]* | diff -b \$'$P' - *$/d
/^ *'$P'='$P' *$/d
'

exit 0					# sh doesn't like signature text...
-- 
Richard Morin, proprietor		{hoptoad,leadsv,lll-lcc}!cfcl!rdm
Canta Forda Computer Lab.		+1 415 994 6860
Post Office Box 1488			Full spectrum consulting services
Pacifica, CA  94044  USA		for science and engineering.
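The two-stage approach the post describes (discard here-document bodies, then discard lines a conservative whitelist recognises as shar noise, and hand everything else to a human) as an added, self-contained example. This is not Rich Morin's sharks script and not part of the original posting: the function names (strip_heredocs, filter_safe, sharks_check, sample_shar, count_flagged), the sample archive and the much smaller whitelist are all constructed here. It goes a little beyond the original's "somewhat naive" here-document handling: the terminator is compared exactly rather than by prefix, quoted terminators (<< 'EOF', << "EOF", << \EOF) are recognised, and <<- strips leading tabs the way the shell does.

```shell
#!/bin/sh
# Added example, not part of the sharks script: strip here-document bodies,
# then drop whitelisted shar noise, and print whatever is left for review.
# Everything below, including the sample archive, is constructed.

# Stage 1: drop the bodies of here documents read from stdin.
strip_heredocs() {
    awk '
    inhd {                                      # inside a here document
        line = $0
        if (strip_tabs) sub(/^\t+/, "", line)   # <<- semantics
        if (line == term) inhd = 0              # exact match ends the body
        next                                    # body and terminator vanish
    }
    match($0, /<<-?[ \t]*[\\"'\'']?[A-Za-z0-9_]+/) {
        hit = substr($0, RSTART, RLENGTH)       # e.g.  << SHAR_EOF
        strip_tabs = (substr(hit, 3, 1) == "-")
        sub(/^<<-?[ \t]*[\\"'\'']?/, "", hit)   # keep only the terminator word
        term = hit
        inhd = 1
        print                                   # the redirection line stays visible
        next
    }
    { print }
    '
}

# Stage 2: drop lines that are recognisably harmless shar noise.  As in the
# original patterns, an echo containing a backquote, ;, |, ( or > is NOT
# whitelisted.  grep status 1 (nothing selected) is not an error here.
filter_safe() {
    grep -Ev \
        -e '^[[:blank:]]*(#.*)?$' \
        -e '^[[:blank:]]*echo [^`;|(>$]*$' \
        -e '^[[:blank:]]*(then|else|fi|exit( [0-9]+)?)[[:blank:]]*$' \
        -e '^[[:blank:]]*if test [A-Za-z0-9_]+ -ne "`wc -c < '\''[^`;|(>]*'\''`"[[:blank:]]*$' \
        || [ $? -eq 1 ]
}

# sharks_check: stdin is a shar archive; stdout is what a human should read.
sharks_check() {
    strip_heredocs | filter_safe
}

# Constructed sample archive (not a real posting): two here documents, the
# usual size check, and one command line that no whitelist should swallow.
sample_shar() {
    cat <<'SAMPLE'
#!/bin/sh
# This is a shell archive.  Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file".
echo x - hello.c
sed 's/^X//' > hello.c << 'SHAR_EOF'
X#include <stdio.h>
Xint main(void) { puts("hi"); return 0; }
XSHAR_EOF_is_not_the_terminator
SHAR_EOF
if test 64 -ne "`wc -c < 'hello.c'`"
then
	echo shar: error transmitting hello.c
fi
cp $HOME/.profile /tmp/profile.copy   # constructed: not shar noise, must surface
echo x - README
cat > README <<EOF
Plain text, but expanded by the shell: $HOME and `uname`
EOF
exit 0
SAMPLE
}

# count_flagged: number of lines sharks_check leaves for review (3 for the sample)
count_flagged() {
    sample_shar | sharks_check | wc -l | tr -d ' '
}

sample_shar | sharks_check
```

Run on the sample, only three lines survive: the two redirection lines that name the files being written and the `cp` line, which is exactly what the post says it wants to see before handing a session to the archive. The whitelist is deliberately short; every pattern added to it is a line a reviewer will never see again, so it should grow only with forms that cannot carry a command substitution or a second command.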