Xref: sparky comp.os.os2.apps:5915 comp.security.misc:1170
Newsgroups: comp.os.os2.apps,comp.security.misc
Path: sparky!uunet!stanford.edu!ames!elroy.jpl.nasa.gov!dank
From: dank@blacks.jpl.nasa.gov (Daniel R. Kegel)
Subject: Self-Extracting Binaries dangerous? (Was: REXXShip: Self-Extracting UUEncode!)
Message-ID: <dank.715798089@blacks>
Sender: news@elroy.jpl.nasa.gov (Usenet)
Nntp-Posting-Host: blacks.jpl.nasa.gov
Organization: Image Analysis Systems Group, JPL
References: <1992Sep6.025645.5101@midway.uchicago.edu> <18cf8rINNmpl@agate.berkeley.edu>
Date: Sun, 6 Sep 1992 16:48:09 GMT
Lines: 21

sip1@ellis.uchicago.edu (Timothy F. Sipples) writes:
>Archive-name: auto/comp.os.os2.apps/REXXShip-1-0-Released-Self-Extracting-UUEncode
>The file rxship10.cmd is a self extracting REXX script which, when
>run, produces REXXShip.Cmd. REXXShip 1.0 is a REXX program which will
>take any binary file as input and produce an ASCII text version which
>is self extracting. Run the resulting ASCII text version through any
>REXX interpreter, including OS/2 2.0's, and you get the binary file
>back.

Is it just me, or do other people shudder at the thought of
self-extracting binary archives? They seem dangerous to me
because they involve running a raw program straight off the net
without any visibility as to what it's doing.

It seems safer to give everybody a copy of, say, uudecode. Perhaps
IBM could include it in their next release as a security enhancement
for those folks who would otherwise blindly run things off the net.

(I just finished reading the first half of "A Fire upon the Deep", and
am feeling a little paranoid :-)
- Dan Kegel (dank@blacks.jpl.nasa.gov)
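
The alternative the post suggests, a decoder that treats the incoming file purely as data, shown here as an added example (not part of the original post or of any tool it names). It is a hand-written Python uudecoder; MAX_OUTPUT, the function names and the sample input are assumptions made for illustration.

```python
import os
import re

MAX_OUTPUT = 1 << 20  # assumed cap on decoded size (1 MiB), not from the post
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (.+)$")
# Constructed sample: "Cat" uuencoded, with a hostile path in the begin line.
SAMPLE = "begin 644 ../../etc/cat.txt\n#0V%T\n`\nend\n"

def sixbit(ch):
    """Map one uuencode character to 6 bits ('`' and ' ' both mean 0)."""
    if not 32 <= ord(ch) <= 96:
        raise ValueError("character outside the uuencode alphabet")
    return (ord(ch) - 32) & 0x3F

def decode_line(line):
    """Decode one body line: a length character, then 4-character groups."""
    n = sixbit(line[0])
    need = (n + 2) // 3 * 4
    body = line[1:].ljust(need)  # some mailers strip trailing spaces
    out = bytearray()
    for i in range(0, need, 4):
        a, b, c, d = (sixbit(ch) for ch in body[i:i + 4])
        out += bytes(((a << 2) | (b >> 4), ((b & 15) << 4) | (c >> 2), ((c & 3) << 6) | d))
    return bytes(out[:n])

def uudecode(text):
    """Return (safe_name, data) for the first uuencoded file in text.

    The input is parsed as data and never executed. The name on the
    'begin' line is cut down to a bare file name, so the sender cannot
    choose the directory the receiver writes to.
    """
    lines = iter(text.splitlines())
    match = next(filter(None, map(BEGIN_RE.match, lines)), None)
    if match is None:
        raise ValueError("no 'begin' line found")
    name = os.path.basename(match.group(2).replace("\\", "/")).lstrip(".")
    if not name:
        raise ValueError("unusable file name")
    data = bytearray()
    for line in lines:
        if line == "end":
            return name, bytes(data)
        if line:
            data += decode_line(line)
        if len(data) > MAX_OUTPUT:
            raise ValueError("decoded data exceeds the size cap")
    raise ValueError("missing 'end' line")
```

Calling uudecode(SAMPLE) yields the bare name and the decoded bytes; what to do with them (inspect, scan, write to a scratch directory) stays the receiver's decision.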