shars and security concerns.
Daniel P. Faigin
faigin at aerospace.aero.org
Thu May 3 05:08:34 AEST 1990
In article <15441 at bfmny0.UU.NET> tneff at bfmny0.UU.NET (Tom Neff) writes:
> In article <FQ53S_xds13 at ficc.uu.net> peter at ficc.uu.net (Peter da Silva) writes:
> >I still fail to understand the security concerns of shars, apart from the
> >single case of comp.mail.maps.
> It's not *just* security, although that's part of it. It's also
> reliability, portability and overall safety (not just protection against
> malice). Shell archives should not do strange crap. They should do the
> absolute minimum necessary to create a fileset on minimally POSIX-ish
> systems, while LOOKING uniform in structure so that non-Bourne extractor
> programs can understand them.
> I would allow only six basic operations: create file, create directory, mark
> executable, verify integrity, echo to user and abort.
There are still major security concerns about this. Suppose you had an unshar
program that only allowed cat and chmod. That's it. You still have risks...
1. The program could create arbitrary setuid programs. If you run as root,
you've just opened the door wide.
2. The program could trash arbitrary files, either by writing garbage over
them or to the end, or by nullifying the contents of the file.
3. The program could cripple the system, by removing access to files that need
to be accessible to all users.
4. The program could copy arbitrary files in your directory somewhere else,
and then make these files readable by everyone. Classic trojan horse.
Shars are dangerous, and unshar programs don't get around the problem.
Daniel.
--
[W]:The Aerospace Corp M1/055 * POB 92957 * LA, CA 90009-2957 * 213/336-8228
[H]:9758 Natick Avenue * Sepulveda CA 91343 * 818/892-8555 | If you turn it
[Em]:faigin at aerospace.aero.org * Faigin at dockmaster.ncsc.mil | over and don't
[Vmail]:213/336-5454 Box#3149 | let it go, you end up upside down
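An added example, not part of the original post: a static check, in Python, of a shar restricted to cat and chmod against the four risks listed above. The restricted command grammar, the finding labels and the sample archive are assumptions constructed for illustration.

```python
import re
import shlex
from posixpath import isabs, normpath

# Constructed sample: only cat and chmod, yet it exercises the listed risks.
SAMPLE = """\
cat > README << 'EOF'
chmod 4755 this-line-is-here-document-data
EOF
cat >> ../.profile << 'EOF'
EOF
cat > /etc/motd < .netrc
chmod 4755 bin/tool
chmod 000 /bin/sh
"""

def escapes(path):  # absolute, or climbs out of the extraction directory
    norm = normpath(path)
    return isabs(norm) or norm == ".." or norm.startswith("../")

def audit(text):
    findings, end = [], None          # end: pending here-document terminator
    for n, line in enumerate(text.splitlines(), 1):
        if end is not None:           # here-document body is data, not commands
            end = None if line == end else end
            continue
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True   # split on blanks and shell operators only
        t = list(lex)
        if not t:
            continue
        if t[0] not in ("cat", "chmod") or len(t) < 3 or re.search(r"[;|&()]", " ".join(t)):
            findings.append((n, "not-allowed"))      # other command or chaining
        elif t[0] == "cat":
            for prev, tok in zip(t, t[1:]):
                if tok in (">", ">>", "<", "<<"):
                    continue
                if prev == "<<":
                    end = tok                        # body runs to this word
                elif prev not in (">", ">>"):        # operand read from disk (risk 4)
                    findings.append((n, "copies-existing-file"))
                elif escapes(tok):                   # overwrite or append (risk 2)
                    findings.append((n, "write-outside-tree"))
        else:                                        # chmod MODE PATH...
            octal = re.fullmatch(r"[0-7]{1,4}", t[1])
            if (int(t[1], 8) & 0o6000 if octal else "s" in t[1]):  # risk 1
                findings.append((n, "setuid-or-setgid"))
            if any(map(escapes, t[2:])):             # risk 3
                findings.append((n, "chmod-outside-tree"))
    return findings
```

A check of this kind sees only the archive text: it cannot tell whether a path inside the extraction directory is already a symlink pointing elsewhere, and it does nothing about the account the extraction runs as.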