[src/trunk]: src/usr.bin/uuencode Clarify and generally improve. The expansio...

[dholland <dholland%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b954255ee1fa
branches:  trunk
changeset: 332095:b954255ee1fa
user:      dholland <dholland%NetBSD.org@localhost>
date:      Sat Sep 06 18:54:46 2014 +0000

description:
Clarify and generally improve. The expansion of files is not a bug,
it's a consequence of what uuencode does. Also note for a more hostile
internet environment that blindly uudecoding files without inspecting
the header is dangerous.

Pursuant to PR 49177.

diffstat:

 usr.bin/uuencode/uuencode.1 |  63 +++++++++++++++++++++++++++-----------------
 1 files changed, 39 insertions(+), 24 deletions(-)

diffs (109 lines):

diff -r e42d3874b18d -r b954255ee1fa usr.bin/uuencode/uuencode.1
--- a/usr.bin/uuencode/uuencode.1       Sat Sep 06 18:43:00 2014 +0000
+++ b/usr.bin/uuencode/uuencode.1       Sat Sep 06 18:54:46 2014 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: uuencode.1,v 1.23 2014/09/06 18:37:01 dholland Exp $
+.\"    $NetBSD: uuencode.1,v 1.24 2014/09/06 18:54:46 dholland Exp $
 .\"
 .\" Copyright (c) 1980, 1990, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"     @(#)uuencode.1 8.1 (Berkeley) 6/6/93
 .\"
-.Dd January 28, 2012
+.Dd September 6, 2014
 .Dt UUENCODE 1
 .Os
 .Sh NAME
@@ -58,39 +58,42 @@
 .Bl -tag -width ".Fl m"
 .It Fl m
 Use base64 encoding.
-The default is that
-.Nm
-uses the historical uuencode algorithm,
-and
-.Nm uudecode
-automatically detects the encoding.
+For
+.Nm ,
+the historical uuencode algorithm is the default.
+For
+.Nm uudecode ,
+by default the encoding is automatically detected.
 .It Fl o Ar outputfile
 .Po Nm uudecode No only . Pc
-Use the specified
-.Ar outputfile
-as the name of the output file.
-The default is that
+Send the decoded output data to
+.Ar outputfile .
+By default,
 .Nm uudecode
-obtains the name of the output file from the data stream, where
-.Nm
-would have recorded it.
+uses the
+.Ar outputname
+recorded in the encoded data stream.
 .It Fl p
 .Po Nm uudecode No only . Pc
-Write the decoded file to stdout instead of to a named file.
+Write the decoded file to standard output instead of to a file.
 .El
 .Pp
 .Nm
 reads
 .Ar inputfile
 (or by default the standard input) and writes an encoded version
-to the standard output.
+to (always) the standard output.
 The encoding uses only printing
 .Tn ASCII
-characters and includes the
-mode of the file and the operand
+characters suitable for text-only transport media.
+The string 
 .Ar outputname
-for use by
-.Nm uudecode .
+is inserted into the output header as the
+.Ar outputfile
+to use at
+.Nm uudecode
+time.
+The header also includes the mode (permissions) of the file.
 .Pp
 .Nm uudecode
 transforms
@@ -112,6 +115,20 @@
 instead of to a named file.
 .Nm uudecode
 ignores any leading and trailing lines.
+.Pp
+The encoded form of the file is expanded by 35%.
+Every 3 bytes become 4 plus control information.
+.Sh SECURITY CONSIDERATIONS
+When using
+.Nm uudecode
+with files coming from dubious sources,
+always either explicitly pass the
+.Fl o
+option or check the header (the first line) of the encoded file for
+safety.
+Blindly using an
+.Ar outputname
+from a hostile source can overwrite important files.
 .Sh EXIT STATUS
 The
 .Nm uudecode
@@ -156,6 +173,4 @@
 .Nm
 utilities appeared in
 .Bx 4.0 .
-.Sh BUGS
-The encoded form of the file is expanded by 35% (3 bytes become 4 plus
-control information).
+