[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: unshar is unsafe
From: |
Bruno Haible |
Subject: |
Re: unshar is unsafe |
Date: |
Fri, 29 Jul 2005 22:45:51 +0200 |
User-agent: |
KMail/1.5 |
Bruce Korb wrote:
> "shar" is "secure", tho.
I don't agree. Apart from a rare usecase, the purpose of 'shar' is
to produce output that someone else will be able to unpack using 'unshar'
(or 'sh' - just as bad). Since 'unshar' is dangerous, any use 'shar' is
a incitation to another person to use an unsafe unpacker.
Instead we should recommend to use either uuencode or MIME attachments as
a replacement.
The mentioned rare usecase is when someone use 'shar' to mail some files
to himself on different machines. I think it's rare enough that it can be
ignored.
Bruno