Re: GNU Sharutils and security

[Bruce Korb]

Paul Jarc wrote:
> 
> Paul Eggert <address@hidden> wrote:
> > Once this is done, perhaps GNU shar should output scripts that start
> > like this:
> >
> > #!/bin/sh
> > echo "Please do not use the shell to evalue this file; use GNU unshar 
> > instead."
> 
> I doubt this would help much - the real Trojans won't have such
> warnings.

I doubt obsoleting shar will help much either, other than, perhaps, making
yet another warning to folks that it is unwise to download and run anything
you see on the net.  Another approach (which won't help either):

  #!/bin/echo 
Please_do_not_use_the_shell_to_evalue_this_file,_use_GNU_unshar_instead. ; \
  exit 1

and hack unshar appropriately :-)