enscript -e option a security risk?
In looking through the print filter generated by magicfilter, I
noticed that it gives the -e option to GNU enscript. The -e
option turns on special "escapes", including the following as
documented in the enscript manpage:
epsf inline EPS file to the document. Escape's syntax
where options is an optional sequence of option
characters and values enclosed with brackets and
filename is the name of the EPS file.
If filename ends to the `|' character, then file-
name is assumed to name a command that prints EPS
data to its standard output. In this case,
enscript opens a pipe to the specified command and
reads EPS data from pipe.
It seems to me that this is a security risk. Agreed? If so,
I'll file a bug against magicfilter asking that this option be
removed from the filters. This option is present in several
filters, by the way:
pfaffben:/etc/magicfilter# grep -l 'enscript.*-e' *
"A computer is a state machine.
Threads are for people who cant [sic] program state machines."