Re: unshar is unsafe

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: unshar is unsafe

From:	Bruno Haible
Subject:	Re: unshar is unsafe
Date:	Fri, 29 Jul 2005 22:45:51 +0200
User-agent:	KMail/1.5

Bruce Korb wrote:
> "shar" is "secure", tho.

I don't agree. Apart from a rare usecase, the purpose of 'shar' is
to produce output that someone else will be able to unpack using 'unshar'
(or 'sh' - just as bad). Since 'unshar' is dangerous, any use 'shar' is
a incitation to another person to use an unsafe unpacker.

Instead we should recommend to use either uuencode or MIME attachments as
a replacement.

The mentioned rare usecase is when someone use 'shar' to mail some files
to himself on different machines. I think it's rare enough that it can be
ignored.

Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

unshar is unsafe, Bruno Haible, 2005/07/27
- Re: unshar is unsafe, Bruce Korb, 2005/07/30
  - Re: unshar is unsafe, Bruno Haible <=
    - Re: unshar is unsafe, Bruce Korb, 2005/07/29
  - Re: unshar is unsafe, John Cowan, 2005/07/30
    - Re: unshar is unsafe, Bruce Korb, 2005/07/30

Prev by Date: Re: Bug#320174: gettext: msgfmt --statistics should output the filename (fwd)
Next by Date: Re: gettext 0.14.5 compile issue
Previous by thread: Re: unshar is unsafe
Next by thread: Re: unshar is unsafe
Index(es):
- Date
- Thread