Re: GNU Sharutils and security

[Bruce Korb]

Paul Eggert wrote:
> 
> Bruce Korb <address@hidden> writes:
> 
> > I doubt obsoleting shar will help much either, other than, perhaps, making
> > yet another warning
> 
> Yes, but warnings help to get the word out.  That's the point.
> 
> >   #!/bin/echo 
> > Please_do_not_use_the_shell_to_evalue_this_file,_use_GNU_unshar_instead. ; \
> 
> That's not as good, since many operating systems have limits on the
> size of the first line.

That's a red herring: I was just taking your example and playing:

  #!/bin/echo please_unpack_with_GNU_unshar ; \
  exit 1

This will cause normal shells to echo something and die, tho bash-as-Bourne
doesn't follow the standard:

> $ cat :x ; echo RUN: ; ./:x
> #!/bin/echo this_is_a_test  ; \
> exit 1
> 
> echo i am alive
> exit 0
> RUN:
> this_is_a_test  ; \ ./:x

weird.  My understanding that it was to take one and only one argument.
Was it unspecified instead?  Anyway, I personally still use shar, but
don't use any of the cut-n-paste email features.

Cheers - Bruce