[190] in Zephyr_Comments
big security hole in zephyr, esp. xsetroot
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Sun Mar 26 00:05:59 1989
Date: Sun, 26 Mar 89 00:05:14 EST
From: Jonathan I. Kamens <jik@ATHENA.MIT.EDU>
To: tytso@ATHENA.MIT.EDU
Cc: rfrench@ATHENA.MIT.EDU, jh@ATHENA.MIT.EDU, watch@ATHENA.MIT.EDU,
In-Reply-To: Theodore Ts'o's message of Fri, 24 Mar 89 17:17:17 EST <8903242217.AA23325@OLIVER.MIT.EDU>
However, there should be a good way to pipe a message into a random
program, with out having to resort to exec echo "$message"....
Yes! Yes! echo "$message" is completely useless for many tasks
because messages that have strange characters (or even " or ') in them
will confuse things horribly, and because of the `` programs recently
cited. There really should be a separate command for sending the
contents of a variable through a pipe to a process.
> However, there should be a good way to pipe a message into a random
> program, with out having to resort to exec echo "$message"....
Since Barr3y isn't here to push Btalk :-), I'll point out that
rZephyr would handle this nicely... :-)
- Rhu
This isn't a suitable solution, I hope you realize. Standard zephyr
is what we offer to users, and standard zephyr should have this
capability.
we could use barry's zmail/zrecv programs, but that requires the user
to grab special programs and keep them in his/her locker. Better to
get a "put the message in a file" primitive in the zephyr language.
--jh--
Once again, this isn't really a solution, it's a hack.
jik
