LATEX-L Archives

Mailing list for the LaTeX3 project

LATEX-L@LISTSERV.UNI-HEIDELBERG.DE

Subject:
From:
Bruno Le Floch <[log in to unmask]>
Reply To:
Mailing list for the LaTeX3 project <[log in to unmask]>
Date:
Sat, 25 Aug 2018 22:15:23 +0200
Peter,

Let's say we have some macro that takes an argument and calls "ls #1" in
the shell.  Specifically

\makeatletter
\def \ls #1{\begingroup
  \everyeof{\noexpand}%
  \message{\@@input"|ls #1" }%
  \endgroup}

Then someone can do \ls{; rm somefile} to remove the file "somefile",
even though one may think that calling \ls is safe.

Bruno


On 08/25/2018 10:06 PM, Peter Wilson wrote:
> Jonathan,
> 
> I don't understand. Please explain it and its relevance to (La)TeX.
> 
> Peter W.
> 
> 
> On 24/08/18 22:00, Jonathan Fine wrote:
>> Hi Joseph
>>
>> Please take a look at https://xkcd.com/327. It is the famous Bobby
>> Tables story.
>>
>> Do you understand the exploit being described? This is an important
>> preliminary question for the whole conversation.
>>
>> Jonathan
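
An added example, not part of the original message or of any LaTeX project code: a small Python lint that flags the pattern described in the message above, a macro parameter such as #1 interpolated into a piped \input or \write18 command. The regular expressions, the function names and the two sample lines after the macro are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions of this example, not an exhaustive list):
# piped input written as \input"|cmd" or \input|"cmd" (also \@@input),
# and \write18{cmd}.
PIPE_INPUT = re.compile(r'\\(?:@@)?input\s*(?:"\|([^"\n]*)"|\|"([^"\n]*)")')
WRITE18 = re.compile(r'\\write\s*18\s*\{([^{}\n]*)\}')
PARAM = re.compile(r'#[1-9]')        # macro parameter such as #1
COMMENT = re.compile(r'(?<!\\)%.*')  # an unescaped % starts a TeX comment

# Lines 1-5 are the macro from the message; lines 6-8 are constructed.
SAMPLE = r'''\makeatletter
\def \ls #1{\begingroup
  \everyeof{\noexpand}%
  \message{\@@input"|ls #1" }%
  \endgroup}
% constructed lines below, not from the message
\def\today@raw{\@@input|"date" }
\immediate\write18{kpsewhich #1}
'''


def find_shell_calls(tex_source):
    """Return (line_no, command, interpolates_argument) per shell call."""
    findings = []
    for line_no, line in enumerate(tex_source.splitlines(), start=1):
        code = COMMENT.sub('', line)
        commands = [m.group(1) if m.group(1) is not None else m.group(2)
                    for m in PIPE_INPUT.finditer(code)]
        commands += [m.group(1) for m in WRITE18.finditer(code)]
        for command in commands:
            findings.append((line_no, command, bool(PARAM.search(command))))
    return findings


def injectable(findings):
    """Keep only the calls whose command text contains a macro parameter."""
    return [(n, c) for n, c, interpolated in findings if interpolated]


if __name__ == "__main__":
    for line_no, command in injectable(find_shell_calls(SAMPLE)):
        print(f"line {line_no}: macro argument reaches the shell in {command!r}")
```

Running TeX with -no-shell-escape keeps piped input and \write18 from executing at all, whatever a macro interpolates.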
