Front page | perl.perl5.porters |
Postings from December 2004
On Wed, Dec 29, 2004 at 01:49:40PM -0500, PPrymmer@factset.com wrote:
> shar on unix was an old time sh(ell) ar(chive) file shareing format that
> turned a binary into a self extracting shell script.
Its also hideously insecure. You're running a shell script that could do
anything. A problem with any self-extracting archive.
From shar(1).
SECURITY CONSIDERATIONS
It is easy to insert trojan horses into shar files. It is strongly rec-
ommended that all shell archive files be examined before running them
through sh(1). Archives produced using this implementation of shar may
be easily examined with the command:
egrep -v '^[X#]' shar.file
> While I doubt that:
>
> make shdist
>
> or:
>
> mmk shdist
>
> is often used nowadays to prepare somehting for upload to CPAN, I suspect
> that
> removing it might adversely affect folks that have to email perl module
> distributions along 7 bit email relays
For those that need that there is uutardist. Or if they really need it
they can just uuencode or base64 encode the tarball themselves. Or let
their MTA do it as is the current practice.
I'd throw shdist out if I didn't think it would be more trouble than its
worth. I hope nobody's using it.
--
Michael G Schwern schwern@pobox.com http://www.pobox.com/~schwern/
It's Highball time!