home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.os.os2.apps:5934 comp.security.misc:1180
- Newsgroups: comp.os.os2.apps,comp.security.misc
- Path: sparky!uunet!cs.utexas.edu!hermes.chpc.utexas.edu!news.utdallas.edu!corpgate!bnrgate!stl!robobar!ibmpcug!gtoal
- From: gtoal@ibmpcug.co.uk (Graham Toal)
- Subject: Re: Self-Extracting Binaries dangerous? (Was: REXXShip: Self-Extracting UUEncode!)
- Organization: The IBM PC User Group, UK.
- Date: Sun, 6 Sep 1992 17:48:56 GMT
- Message-ID: <Bu645L.829@ibmpcug.co.uk>
- References: <1992Sep6.025645.5101@midway.uchicago.edu> <18cf8rINNmpl@agate.berkeley.edu> <dank.715798089@blacks>
- Lines: 24
-
- In article <dank.715798089@blacks> dank@blacks.jpl.nasa.gov (Daniel R. Kegel) writes:
- >sip1@ellis.uchicago.edu (Timothy F. Sipples) writes:
- >>Archive-name: auto/comp.os.os2.apps/REXXShip-1-0-Released-Self-Extracting-UUEncode
- >>The file rxship10.cmd is a self extracting REXX script which, when
- >>run, produces REXXShip.Cmd. REXXShip 1.0 is a REXX program which will
- >>take any binary file as input and produce an ASCII text version which
- >>is self extracting. Run the resulting ASCII text version through any
- >>REXX interpreter, including OS/2 2.0's, and you get the binary file
- >>back.
- >
- >Is it just me, or do other people shudder at the thought of
- >self-extracting binary archives? They seem dangerous to me
- >because they involve running a raw program straight off the net
- >without any visibility as to what it's doing.
-
- Yes. What I do is log on to our novell server as user 'virus' with no
- privs at all and only write access to /tmp - I unpack there, then
- switch the machine off. (Reset isn't good enough). I *think* this
- is reasonably secure. I don't know if any damage could be done across
- our novell network while unpacking. You certainly *don't* want to unpack
- on a real hard disk. Net drives are relatively safe.
-
- G
- --
-
