Hi, 

On Fri, Jun 11, 2010 at 09:09:44PM +0200, Christian Kastner wrote:
> Say you want to run a program that requires those chars as input at some
> point. If we refuse '\r' and '\b', then there would be no way to feed
> those to that program.

Ok, I see what you mean and you're right.

> I need to give this some more thought. If my concern regarding % above
> is correct, then a solution must be found to accommodate both problems.
> If my concern is wrong, I will apply your patch.

As '%' is transformed into newline (in do_command.c), what do you think
about transforming other chosen characters (for example '@', '~') into
carriage return and backspace control characters? This could allow us to
disallow the use of '\r' and '\b'.

For example, to launch something like: 

  $ nc domain.com 80
  GET / HTTP/1.0\r\n\r\n

as a scheduled task, a user would insert:

  "* * * * * nc domain.com 80%GET / HTTP/1...@%@%" into crontab.

instead of:

  "* * * * * nc domain.com 80%GET / HTTP/1.0\r%\r%"

which hides some part of the string when it is displayed with "crontab
-l" or "cat /var/spool/cron/crontabs/<user>".

Changing the output of "crontab -l" may not be a good solution because
commands such as "crontab -u user1 -l | crontab -u user2 -" won't
work properly.

Regards,
Vlad.
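
The display problem discussed in the message above, as an added example that is not part of the original message or of cron's code: it audits one crontab entry for raw control bytes and compares what a terminal would draw with what the entry contains. The names split_command, displayed and audit are hypothetical, and the '%' handling is a simplified model of the rule documented in crontab(5), not a copy of do_command.c.

```python
import re

# Control bytes other than tab and newline; '\r' (0x0d) and '\b' (0x08) are among them.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")

def split_command(entry):
    """Simplified model of crontab(5): the first unescaped '%' ends the command,
    later ones become newlines in the job's stdin, and '\\%' is a literal '%'."""
    fields = re.split(r"[ \t]+", entry.strip(" \t\n"), maxsplit=5)
    if len(fields) < 6:
        raise ValueError("expected five time fields and a command")
    body = re.sub(r"\\%|%", lambda m: "%" if m.group() == "\\%" else "\n", fields[5])
    command, _, stdin = body.partition("\n")
    return command, stdin

def displayed(text):
    """Emulate a terminal drawing one line: '\\r' returns to column 0 and
    '\\b' steps back one column, so later characters overwrite earlier ones."""
    cells, col = [], 0
    for ch in text:
        if ch == "\r":
            col = 0
        elif ch == "\b":
            col = max(col - 1, 0)
        else:
            cells[col:col + 1] = [ch]  # overwrite the cell, or append at the end
            col += 1
    return "".join(cells)

def audit(entry):
    """Report what cron would run and whether the listing can be trusted by eye."""
    entry = entry.rstrip("\n")
    command, stdin = split_command(entry)
    return {
        "command": command,
        "stdin": stdin,
        "control_offsets": [m.start() for m in CONTROL.finditer(entry)],
        "escaped": entry.encode("unicode_escape").decode("ascii"),
        "display_differs": displayed(entry) != entry,
    }

# Constructed sample: the entry quoted in the message, with real CR bytes in it.
SAMPLE = "* * * * * nc domain.com 80%GET / HTTP/1.0\r%\r%"

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value!r}")
```

Any entry with a non-empty control_offsets list is worth reviewing from the escaped form rather than from terminal output.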


