[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FWD: Debian Swirl ascii-art



On Sun, Jul 15, 2001 at 05:10:58PM -0300, Henrique de Moraes Holschuh wrote:
> > I have a bug report on joe about this, #42631, but as yet nobody has
> > told me how exactly is that bad security-wise, see the bug log. :(
> 
> Editors and pagers MUST filter escape codes off their output stream by
> default, unless they're explicitly used to edit such stuff IMHO. This is a
> known security measure since the old BBS days.

Well, joe displays ^[ in bold when it's in a file you edit, but it doesn't
filter the file names. So for example if you edit a file called ^[[30m it
will display some of its interface in black, but that's about it.

What truely evil thing can be done with this? :)

-- 
Digital Electronic Being Intended for Assassination and Nullification



Reply to: