[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Sharutils and security
From: |
Bruce Korb |
Subject: |
Re: GNU Sharutils and security |
Date: |
Thu, 01 Jul 2004 11:42:30 -0700 |
Paul Jarc wrote:
>
> Paul Eggert <address@hidden> wrote:
> > Once this is done, perhaps GNU shar should output scripts that start
> > like this:
> >
> > #!/bin/sh
> > echo "Please do not use the shell to evalue this file; use GNU unshar
> > instead."
>
> I doubt this would help much - the real Trojans won't have such
> warnings.
I doubt obsoleting shar will help much either, other than, perhaps, making
yet another warning to folks that it is unwise to download and run anything
you see on the net. Another approach (which won't help either):
#!/bin/echo
Please_do_not_use_the_shell_to_evalue_this_file,_use_GNU_unshar_instead. ; \
exit 1
and hack unshar appropriately :-)
Re: GNU Sharutils and security, Bruno Haible, 2004/07/16