> Well if this allows arbitrary data to be fed into the file and later
> be displayed by who or last then that data could be made to contain
> escape sequences, and either hide other lines that would normally be
> displayed (so you don't know someone has logged into the machine), or
> output other malicious escape sequences (key rebindings, whatever).
I think such things are considered terminal emulator bugs these days.
(Which makes sense given that we can't fix head/tail/cat/...)
* Joey Hess:
> Well if this allows arbitrary data to be fed into the file and later
> be displayed by who or last then that data could be made to contain
> escape sequences, and either hide other lines that would normally be
> displayed (so you don't know someone has logged into the machine), or
> output other malicious escape sequences (key rebindings, whatever).
I think such things are considered terminal emulator bugs these days.
(Which makes sense given that we can't fix head/tail/cat/...)