From: busybox <busybox-boun...@busybox.net> on behalf of Michael Conrad mcon...@intellitree.com<mailto:mcon...@intellitree.com> > The underlying root problem here is the same as SQL injection or HTML > cross-site scripting attacks. > You have data, and you emit it in a context that is expecting a > language/protocol of some sort, not raw data. > You then need to escape anything in your data that could be misinterpreted as > the protocol. > We're really lucky that there isn't any way to make a TTY execute commands or > delete files or grant user permissions.
Sadly, there are some terminals that give more control than they should https://dgl.cx/2023/09/ansi-terminal-security The easier and simpler attack here though is masking the content of an archive Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
_______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox