On Thu, Dec 11, 2014 at 1:41 PM, Steven D'Aprano <[email protected]> wrote:
> On Thu, 11 Dec 2014 12:44:51 +1100, Chris Angelico wrote:
>
>> Agreed. There are ways around some of those problems (eg using wget to
>> fetch something, and then looking at it in a text editor - it's hard to
>> get pwned through a text editor... though I won't say impossible), but
>> there are other issues too, and all in all, it's just best to include
>> the text in-line.
>
> I believe that there was a recently discovered exploit on Linux where
> viewing a file with "less" could run arbitrary code.

Which is why I refused to say "impossible" :) Although you gain the additional benefit of an unpredictable attack vector; one person might use 'less', another might open it in SciTE, a third might just cat the file and scroll through it some other way. It's hard to aim at a target that exists in so many pieces, and probably isn't worth the effort of attacking.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
