"!" (which precedes command strings in UNIX shell scriptsThis is a very strange way to put it. What they're describing -- I think -- is the fact that many Unix programs (such as the vi editor and a few others) accept ! as a command that would drop you to a shell. However, "command strings in Unix shell scripts" don't have any special characters.
Like the previous poster, I suspect the author of this guideline once encountered a program, possibly written in Perl, that would drop you to a shell when given the command %.
I think what they're trying to say is "Don't build shell escapes in your programs". They're just saying it in a confusing way, with very poor examples. A much better example would be Eric Allman's infamous hack in the early versions of sendmail: he extended the SMTP protocol adapter in sendmail to accept a command SHELL that would give you an interactive shell on the machine the sendmail daemon was running on. Most places ran/run sendmail as root, so you can guess the impact. (You were supposed to give it a password to enable that command, but due to a bug, it didn't demand a password.... BTW, that bug was fixed around 1987 as I recall.)
In reply to Re (3): Acceptance meta code embedded within input data?
by VSarkiss
in thread Acceptance meta code embedded within input data?
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |