From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
Received: (qmail 16526 invoked from network); 10 Aug 2022 19:13:25 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 10 Aug 2022 19:13:25 -0000
Received: from mx1.riseup.net ([198.252.153.129]) by 9front; Wed Aug 10 15:11:17 -0400 2022
Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.riseup.net", Issuer "R3" (not verified))
	by mx1.riseup.net (Postfix) with ESMTPS id 4M300J6XzczDqFT
	for <9front@9front.org>; Wed, 10 Aug 2022 19:11:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1660158672; bh=yQcRIOCuDHWJ43u+jNUw+fcTQx1FQFdV+9NAAOTLHYM=;
	h=To:From:Subject:Date:From;
	b=UP3NDIzxblRKGN0BQNc0hXJ89C2E3+X7cxT7PVr0yzZO3y+QqQ/V+EfWfoCqGusMz
	 jyVcJj/GU0hZV1oorZ7ui8s/kkopI5KPLj0KaOrPmdZgozCKR3ZDjD7CarK2DiKWCf
	 amOoACkax5Pi2dInkUkE50Rl50j49dy5gEbEptgU=
X-Riseup-User-ID: AFA19193B1ADCD3D64793154CB266C87FA6F03151BF2A3C9BE09FECA4B94C0F6
Received: from [127.0.0.1] (localhost [127.0.0.1])
	 by fews1.riseup.net (Postfix) with ESMTPSA id 4M300J21cNz5vcM
	for <9front@9front.org>; Wed, 10 Aug 2022 19:11:11 +0000 (UTC)
To: 9front@9front.org
From: mkf9 <mkf9@riseup.net>
Message-ID: <18521c30-7d04-2587-7cc7-7563d64489b7@riseup.net>
Date: Wed, 10 Aug 2022 23:41:08 +0430
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: anonymous realtime out-scaling map/reduce frontend 
Subject: [9front] executable files in '#e'
Reply-To: 9front@9front.org
Precedence: bulk

few days ago i noticed this behaviour on /env,

cpu% hold /env/test
cat: can't open /env/test: '/env/test' file does not exist
#!/bin/rc
echo hello world
cpu% ls -l /env/test
--rw-rw-rw- e 0 mkf mkf 27 Jul 18  2021 /env/test
cpu% /env/test
hello world
cpu%

it executes empty c programs as well, but i couldn't fit programs that 
do something visable inside /env.

is it a security bug?
if yes, a possible attack could be creation of new variable and 
executing it where we don't have file creation access.