Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!ames!oliveb!sun!rdh
From: rdh@sun.UUCP
Newsgroups: comp.os.minix
Subject: Re: minix - is this a sensible thought ?
Message-ID: <12899@sun.uucp>
Date: Sat, 7-Feb-87 21:59:29 EST
Article-I.D.: sun.12899
Posted: Sat Feb  7 21:59:29 1987
Date-Received: Mon, 9-Feb-87 01:42:11 EST
References: <1717@hoptoad.uucp> <552@atari.UUCP>
Reply-To: rdh@sun.UUCP (Robert Hartman)
Organization: Sun Microsystems, Mountain View
Lines: 14

In article <552@atari.UUCP> apratt@atari.UUCP (Allan Pratt) writes:
>The problem I see with Shar is the absurdly-simple Trojan Horse
>loophole it opens up.  When you turn your machine over to somebody
>else's command script, AT YOUR OWN COMMAND PROMPT, you're just asking
>for trouble.  A special "unshar" script, which only lets the shar run
>certain commands and put files in certain directories, would be an
>appropriate patch to this.

True, but since it's a text file and you can READ it, you can run grep on the
shar to list all the command lines before running it.  At (presumably) one
command-line per source file in even the biggest shar, it wouldn't take long
to find, edit out, and post any offending command lines back onto the net. 

-bob.