[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Sharutils and security
From: |
Bruce Korb |
Subject: |
Re: GNU Sharutils and security |
Date: |
Fri, 02 Jul 2004 07:16:18 -0700 |
Paul Eggert wrote:
>
> Bruce Korb <address@hidden> writes:
>
> > I doubt obsoleting shar will help much either, other than, perhaps, making
> > yet another warning
>
> Yes, but warnings help to get the word out. That's the point.
>
> > #!/bin/echo
> > Please_do_not_use_the_shell_to_evalue_this_file,_use_GNU_unshar_instead. ; \
>
> That's not as good, since many operating systems have limits on the
> size of the first line.
That's a red herring: I was just taking your example and playing:
#!/bin/echo please_unpack_with_GNU_unshar ; \
exit 1
This will cause normal shells to echo something and die, tho bash-as-Bourne
doesn't follow the standard:
> $ cat :x ; echo RUN: ; ./:x
> #!/bin/echo this_is_a_test ; \
> exit 1
>
> echo i am alive
> exit 0
> RUN:
> this_is_a_test ; \ ./:x
weird. My understanding that it was to take one and only one argument.
Was it unspecified instead? Anyway, I personally still use shar, but
don't use any of the cut-n-paste email features.
Cheers - Bruce
Re: GNU Sharutils and security, Bruno Haible, 2004/07/16