[PRL] Bourne Shell Server Pages

Peter Dillinger pcd at ccs.neu.edu
Thu Nov 22 15:45:50 EST 2007


On Thu, Nov 22, 2007 at 12:37:55PM -0500, Shriram Krishnamurthi wrote:
> When you find people with too much time on their hands, it's good to see that
> they've found a way to spend that time harmlessly.

harmlessly?  you realize how hard it is to build a secure system that
so regularly executes code created by putting together strings with
hard-to-understand escaping rules?  it's like a triple-whammy just
begging for "; rm -rf / ; echo "lots of trouble.  ;)

-- 
Peter Dillinger
peterd at gatech.edu
http://www.peterd.org
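
The risk described in the message above, as an added example that is not part of the original post: a page renderer that pastes a request value into shell source and evaluates it, next to two forms that keep the value as data. The function names and the sample value are hypothetical, and a harmless `echo INJECTED` marker stands in for the injected command.

```shell
#!/bin/sh
# Constructed sample input: the double quote closes the template's string,
# so everything after it is parsed as shell commands.
NAME='x"; echo INJECTED; echo "'

# Unsafe: the value becomes part of the program text handed to eval.
render_unsafe() {
    eval "printf '%s\n' \"Hello, $1\""
}

# Safe: no code is generated; the value is only ever an argument.
render_safe() {
    printf 'Hello, %s\n' "$1"
}

# If code generation cannot be avoided, quote the value for the shell:
# wrap it in single quotes and rewrite each embedded ' as '\''.
# Caveat: command substitution drops trailing newlines from the value.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Generated code again, but the value is inserted as one quoted word.
render_quoted() {
    eval "printf '%s\n' \"Hello, \"$(sh_quote "$1")"
}

echo "unsafe:"; render_unsafe "$NAME"
echo "safe:";   render_safe "$NAME"
echo "quoted:"; render_quoted "$NAME"
```

Only `render_unsafe` runs the marker command; the other two print the value verbatim.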


