From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: To: 9fans@9fans.net From: Richard Miller <9fans@hamnavoe.com> Date: Sun, 28 Sep 2014 10:39:00 +0100 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] shell functions Topicbox-Message-UUID: 177202ce-ead9-11e9-9d60-3106f5b1d025 > when rc is invoked, rc reconstructs shell variable and shell functions = using files in /env/. > in case of shell functions, rc evaluates whole data in the file. > this feature makes problem if the content is > fn foo {=E2=80=A6}; maliciouscommand How would a malicious agent put something into /env? If it's possible, how is this different from putting something into $home/bin/rc or binding something into /rc/bin ?