MOO-cows Mailing List Archive


Re: escape

This is dangerous.  The escape character can be used to remap characters 
on the client's keyboard with commands.  For instance, if I had the 
escape character and knew how to do it, I could remap your enter key with 
the command rm -r /, so that every time you hit 'enter', the command rm 
-r / would be executed with your permissions.  (For those non-UNIX bums out 
there, rm -r / deletes everything on any drive connected to your 
computer.  If you're root, that is.  Otherwise, it just creates a ton of 
error messages and only deletes everything you own.)

It may be possible to do it with non-UNIX systems as well.  And not all 
UNIX systems may have this hole, but it does exist as a standard, or so I 

And any programmer on a MOO can rewrite his or her :notify verb to catch 
the escape character.  Again, only do it if you ***REALLY*** trust 
everyone on the MOO, and never plan on opening up the MOO to people you 
don't ***REALLY*** trust.

On Wed, 10 Jan 1996, David Matovich wrote:

> I use escapes in my player:notify all the time, for my ANSI portion of 
> the MOO.  But of course, I programed a bf_esc built-in function that 
> supplys the actual escape character...but the rest of the sequence is of 
> course typable.  SO making a player see red is.
> player:notify(esc()+"[0;31m");

Follow-Ups: References:

Home | Subject Index | Thread Index