Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-crg!hoptoad!rdm
From: rdm@hoptoad.uucp (Rich Morin)
Newsgroups: net.sources.bugs
Subject: Re: "sharks" shar checking script
Message-ID: <1166@hoptoad.uucp>
Date: Wed, 1-Oct-86 13:32:03 EDT
Article-I.D.: hoptoad.1166
Posted: Wed Oct 1 13:32:03 1986
Date-Received: Fri, 3-Oct-86 00:52:40 EDT
References: <1814@utah-gr.UUCP>
Organization: Canta Forda Computer Laboratory
Lines: 56
Summary: no, it's not perfect (yet) - but I'm not done yet

In article <1814@utah-gr.UUCP>, thomas@utah-gr.UUCP (Spencer W. Thomas) writes:
>
> Unfortunately, this nice idea is insufficient against the determined
> system cracker. (demonstrates nifty backquote gotcha...)
>
> Oh well.
>

You're right, of course, and thanks for the input. I think that two
responses are appropriate:

1   Modify sharks to look for "unquoted" here documents with backquotes
    in them. The following script (run under sh on a Sun.) shows that
    only the "nq" example fires.

:
: tst
:
cat << eof
`echo nq`
eof
cat << \eof
`echo bs`
eof
cat << 'eof'
`echo sq`
eof
cat << "eof"
`echo dq`
eof

2   Write a script (flipper?) to change unquoted here documents into
    quoted ones. This may be a problem if there is a good reason for
    leaving the here document unquoted, but maybe a conservative
    approach is justified, even so. Besides, only "suspicious" files
    would have to be so modified...

I am working on both of these approaches, and should post the results
soon. I will try to keep from being offended by postnews's apparent
reluctance to put my tiny (~100 line) offerings into net.sources. I
realize that C programmers hardly get started in 100 lines, while a
shell scripter is usually done by then...

Please post (or E-mail, as appropriate) other gotchas as you find them.
If an insurmountable gotcha is found, I can give up (or accept the
imperfection). Otherwise, a useful tool may evolve...

-Rich
--
Richard Morin, proprietor       {hoptoad,leadsv,lll-lcc}!cfcl!rdm
Canta Forda Computer Lab.       +1 415 994 6860
Post Office Box 1488            Full spectrum consulting services
Pacifica, CA 94044 USA          for science and engineering.
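
The check described as response 1 in the post, as an added example (this is not the sharks script or Rich Morin's code): a scanner that reports here documents whose delimiter is unquoted and whose body contains command substitution. It also flags $(...), which goes beyond the backquote case in the post; the function names and the sample input are constructed for illustration.

```shell
# Added example, not the sharks script. Line-oriented heuristic: it does not
# parse shell quoting, so a "<<" inside a string or comment is examined too.
# scan_heredocs [file...] prints "<line>:<delimiter>" for each here document
# whose delimiter is unquoted and whose body holds `...` or $(...).
scan_heredocs() {
    awk -v q="'" '
    indoc {                                   # inside a here document body
        line = $0
        if (strip) sub(/^\t+/, "", line)      # "<<-" strips leading tabs
        if (line == delim) {                  # terminator reached
            if (!quoted && hit) print start ":" delim
            indoc = 0; next
        }
        if (index(line, "`") || index(line, "$(")) hit = 1
        next
    }
    match($0, /<<-?[ \t]*[^ \t;&|<>()]+/) {   # "<<" plus the delimiter word
        word = substr($0, RSTART, RLENGTH)
        strip = (word ~ /^<<-/)
        sub(/^<<-?[ \t]*/, "", word)
        raw = word                            # any backslash or quote in the
        gsub(/\\/, "", word); gsub(/"/, "", word); gsub(q, "", word)
        quoted = (word != raw)                # word disables body expansion
        delim = word; start = NR; hit = 0; indoc = 1
    }
    END { if (indoc && !quoted && hit) print start ":" delim }  # unterminated
    ' "$@"
}
# Constructed sample: the four cases from the post plus one $(...) case.
sample_input() {
    cat <<'SAMPLE'
cat << eof
`echo nq`
eof
cat << \eof
`echo bs`
eof
cat << 'eof'
`echo sq`
eof
cat << "eof"
`echo dq`
eof
cat << END
today is $(date)
END
SAMPLE
}
if [ $# -gt 0 ]; then scan_heredocs "$@"; else sample_input | scan_heredocs; fi
```

Run with file names as arguments to scan unpacked shar files before executing them; with no arguments it scans the built-in sample and reports only the unquoted cases.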