Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!mit-eddie!genrad!decvax!tektronix!cae780!amdcad!sun!imagen!atari!apratt
From: apratt@atari.UUCP
Newsgroups: comp.os.minix
Subject: Re: minix - is this a sensible thought ?
Message-ID: <552@atari.UUCP>
Date: Wed, 4-Feb-87 17:00:18 EST
Article-I.D.: atari.552
Posted: Wed Feb  4 17:00:18 1987
Date-Received: Sat, 7-Feb-87 16:42:10 EST
References: <1717@hoptoad.uucp>
Organization: Atari Corp., Sunnyvale CA
Lines: 23

in article <1717@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) says:
> 
> In article <962@osiris.UUCP>, mjranum@osiris.UUCP (Marcus Ranum) writes:
>>                                       What if we all agree that 
>> postings of MINIX material be in of tar format. ...
>
> Shar ... has the advantage that it is text, so it doesn't need uuencoding
> (increases the space required).  This also means that people can *read* it.

The problem I see with Shar is the absurdly-simple Trojan Horse
loophole it opens up.  When you turn your machine over to somebody
else's command script, AT YOUR OWN COMMAND PROMPT, you're just asking
for trouble.  A special "unshar" script, which only lets the shar run
certain commands and put files in certain directories, would be an
appropriate patch to this.

Makefiles also introduce this security problem, I realize, but we can
only go so far.

/----------------------------------------------\
| Opinions expressed above do not necessarily  |  -- Allan Pratt, Atari Corp.
| reflect those of Atari Corp. or anyone else. |     ...lll-lcc!atari!apratt
\----------------------------------------------/