shars and security concerns.
Tom Neff
tneff at bfmny0.UU.NET
Thu May 3 12:11:53 AEST 1990
In article <FAIGIN.90May2120834 at sunstroke.aerospace.aero.org> faigin at aerospace.aero.org (Daniel P. Faigin) writes:
>There are still major security concerns about this. Suppose you had an unshar
>program that only allowed cat and chmod. That's it. You still have risks...
^^^^^^^
You need have no more risks than the unshar program is willing to allow.
It could prevent setuid stuff, writing out of the current subtree, etc.
>Shars are dangerous, and unshar programs don't get around the problem.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This doesn't take my previous proposal into account. (Did the poster
read it?) If standardized header information were provided as shell
#comments, then an also-standardized unshar program could read a shar as
effortlessly as a tar file, and with equally faithful results. Under
this scheme there would be no "operations" at all, just file and
directory creation. By imposing appropriate limits on what "Mode=" and
"Name=" is allowed to be, unshar could operate safely.
More information about the Alt.sources.d
mailing list