Peter,
Let's say we have some macro that takes an argument and calls "ls #1" in
the shell. Specifically
\makeatletter
\def \ls #1{\begingroup
\everyeof{\noexpand}%
\message{\@@input"|ls #1" }%
\endgroup}
Then someone can do \ls{; rm somefile} to remove the file "somefile",
even though one may think that calling \ls is safe.
Bruno
On 08/25/2018 10:06 PM, Peter Wilson wrote:
> Jonathon,
>
> I don't understand. Please explain it and its relevance to (La)TeX.
>
> Peter W.
>
>
> On 24/08/18 22:00, Jonathan Fine wrote:
>> Hi Joseph
>>
>> Please take a look at https://xkcd.com/327. It is the famous Bobby
>> Tables story.
>>
>> Do you understand the exploit being described? This is an important
>> preliminary question for the whole conversation.
>>
>> Jonathan