Re: FWD: Debian Swirl ascii-art
On Sun, Jul 15, 2001 at 05:10:58PM -0300, Henrique de Moraes Holschuh wrote:
> > I have a bug report on joe about this, #42631, but as yet nobody has
> > told me how exactly is that bad security-wise, see the bug log. :(
>
> Editors and pagers MUST filter escape codes off their output stream by
> default, unless they're explicitly used to edit such stuff IMHO. This is a
> known security measure since the old BBS days.
Well, joe displays ^[ in bold when it's in a file you edit, but it doesn't
filter the file names. So for example if you edit a file called ^[[30m it
will display some of its interface in black, but that's about it.
What truely evil thing can be done with this? :)
--
Digital Electronic Being Intended for Assassination and Nullification
Reply to: