Next MEP shar
Larry Wall
lwall at sdcrdcf.UUCP
Wed Oct 29 10:58:33 AEST 1986
I hate to say it, but this version of mep DOESN'T add security as claimed. It
is trivial to execute any command you want using @SH. Details are left as an
exercise for the reader. The fix is left as an exercise for the writer.
And now, the requisite source, a self-reproducing nroff script:
.ec8
.emZZ
.nryy1000-12
.nrzz100-1
.nf
.deXX
.tr88n(yy
88!88!88$1
.tr88n(zz
.amZZ..
88!88!.XX88$1
.nrnl0-1
...
..
.XX.ec9
.XX.emZZ
.XX.nryy1000-12
.XX.nrzz100-1
.XX.nf
.XX.deXX
.XX.tr99n(yy
.XX99!99!99$1
.XX.tr99n(zz
.XX.amZZ..
.XX99!99!.XX99$1
.XX.nrnl0-1
.XX...
.XX..
I dare you to write a shorter one that contains any commands.
Larry Wall
{allegra,burdvax,cbosgd,hplabs,ihnp4,sdcsvax}!sdcrdcf!lwall
More information about the Comp.sources.unix
mailing list