.plan

[Robert Garvey]

In article <474 at escom.com> al at escom.com (Al Donaldson) writes:
>so is the point that a nastygram can be stored in my terminal, triggered 
>remotely by echo'ing a ctrl-E to my terminal, with the nastygram getting 
>passed straight to my shell?   I apologize if this is obvious to others, 
>but I just want to be sure I understand the risk.

Yes, that is the risk.  Some terminals allow answerback messages to be
programmed with an escape sequence.  A malicious user could send mail
that includes that escape sequence with an answerback message to be
interpreted by mail and then your shell.  Following that sequence would
be a ctrl-E.

Robert Garvey                                  Sybase, Inc
robert at sybase.com                              6475 Christie Ave
{sun,lll-tis,pyramid,pacbell}!sybase!robert    Emeryville, CA 94608