shars and security concerns.

Peter da Silva peter at ficc.uu.net
Wed May 2 09:24:41 AEST 1990


I still fail to understand the security concerns of shars, apart from the
single case of comp.mail.maps.

Look at it this way... after you have carefully unpacked the shar in the
controlled environment of your chrooted directory tree, and so on, you're
going to then compile and run the stuff inside. Even fixing portability
problems by carefully answering questions from long interactive shell
scripts that you know you never bother to examine. If I was writing a
trojan horse I wouldn't put it in the shar, I'd put it in "Configure",
"build", "install", or whatever. Or even in the code... see my little
"Usenet Virus" posting, recently published in comp.virus.

I don't know. It's like worrying about potential carcinogens in the *label*
on your TV dinner.
-- 
 _--_|\  `-_-' Peter da Silva. +1 713 274 5180.      <peter at ficc.uu.net>
/      \  'U`  Have you hugged your wolf today?  <peter at sugar.hackercorp.com>
\_.--._/       Disclaimer: commercial solicitation by email to this address
      v                    is acceptable.



More information about the Alt.sources.d mailing list