Xref: utzoo news.admin:4077 news.sysadmin:1687 comp.mail.uucp:2354
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!ucsd!orion.cf.uci.edu!paris.ics.uci.edu!nagel
From: nagel@paris.ics.uci.edu (Mark Nagel)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Keywords: "it's a secret ... but they told me!" -- david dobkin
Message-ID: <978@paris.ics.uci.edu>
Date: 26 Nov 88 06:00:26 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <800@mailrus.cc.umich.edu> <4833@bsu-cs.UUCP> <1961@van-bc.UUCP> <151@ecicrl.UUCP> <1988Nov25.174519.13119@ateng.ateng.com>
Sender: news@paris.ics.uci.edu
Reply-To: nagel@paris.ics.uci.edu (Mark Nagel)
Followup-To: news.admin
Organization: University of California, Irvine - Dept of ICS
Lines: 18
In-reply-to: chip@ateng.ateng.com (Chip Salzenberg)

In article <1988Nov25.174519.13119@ateng.ateng.com>, chip@ateng (Chip Salzenberg) writes:
|According to clewis@ecicrl.UUCP (Chris Lewis):
|>In article <1961@van-bc.UUCP> sl@van-bc.UUCP (pri=-10 Stuart Lynne) writes:
|>>[Unshar] is designed to split up shar packages safely.
|>>And available in source so you can tune it to your system.
|>
|>Er, no.
|
|Er, yes.  Rich Salz's "cshar" package includes a "safe" unshar program in C.

Hmm.  Please point me at this.  I looked through the cshar package and
the unshar program just runs /bin/sh on the file.  The shell program
runs commands, but is by no mean secure (see man page).  Which one, then,
is secure?

Mark Nagel @ UC Irvine, Dept of Info and Comp Sci
ARPA: nagel@ics.uci.edu              | radiation: n. ... 2. smog with an
UUCP: {sdcsvax,ucbvax}!ucivax!nagel  | attitude.