Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!gem.mps.ohio-state.edu!ginosko!uunet!auspex!guy
From: guy@auspex.auspex.com (Guy Harris)
Newsgroups: comp.unix.questions
Subject: Re: .plan
Message-ID: <2393@auspex.auspex.com>
Date: 29 Aug 89 18:15:48 GMT
References: <61@towernet.UUCP> <1989Aug23.192105.21328@ee.rochester.edu> <2620@trantor.harris-atd.com> <9136@elsie.UUCP>
Reply-To: guy@auspex.auspex.com (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 11

>> Use only trusted applications which filter out the nasty sequences.
>
>Don't "ls /tmp" since an evil user might give a file an evil name?

Or either 1) use only the BSD "ls" or 2) if you have a sufficiently
modern version of S5, use "ls" only with the "-q" or "-b" options, so
that non-printable characters are displayed as "?" or as "\nnn".

Of course, this doesn't cover all the programs that can be coaxed into
printing out evil file names....
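
The filtering the post describes, applied in a program that prints file names itself, as an added example that is not part of the original post. The function names are hypothetical; treating only 7-bit printable ASCII as printable and escaping the backslash are assumptions of this example, not an exact emulation of any particular "ls".

```python
import os
import tempfile

def _printable(b: int) -> bool:
    # Printable 7-bit ASCII only: ESC (0x1b), other control bytes, DEL and
    # 8-bit bytes are all treated as non-printable (assumption of this example).
    return 0x20 <= b <= 0x7E

def show_q(name: bytes) -> str:
    """Show each non-printable byte as '?', as the post describes for -q."""
    return "".join(chr(b) if _printable(b) else "?" for b in name)

def show_b(name: bytes) -> str:
    """Show each non-printable byte as a \\nnn octal escape, as for -b."""
    out = []
    for b in name:
        if b == 0x5C:
            out.append("\\\\")        # escape backslash so the output is unambiguous
        elif _printable(b):
            out.append(chr(b))
        else:
            out.append("\\%03o" % b)  # three-digit octal, e.g. ESC -> \033
    return "".join(out)

def safe_listing(directory: str, style=show_b) -> list:
    # Listing with a bytes path returns the raw, undecoded names, so nothing
    # is interpreted or lost before the filter sees it.
    return sorted(style(n) for n in os.listdir(os.fsencode(directory)))

# Constructed sample name: ESC [ 2 J (clear screen) and BEL embedded in it.
EVIL = b"report\x1b[2J\x07.txt"

def demo():
    # Create the constructed name in a scratch directory and list it both ways.
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(os.fsencode(d), EVIL), "wb").close()
        open(os.path.join(d, "plain.txt"), "wb").close()
        return safe_listing(d, show_q), safe_listing(d, show_b)

if __name__ == "__main__":
    for listing in demo():
        print(listing)
```
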