author Joey Hess <joeyh@joeyh.name> 2021-09-28 08:12:42 -0400
committer Joey Hess <joeyh@joeyh.name> 2021-09-28 08:12:42 -0400
commit f4a811d0a1fafb3d7b0e7f514d85916ae3933942
tree 6518039d2c02503f4b087125bc9bdc5c98c82088 /ifne.docbook
parent 6140dbc815ef70b11982ff1ed7b3885426e30dda
ifne.1: Improve example that pipes to mail to avoid escape sequences

As recently seen in fail2ban's security hole (CVE-2021-32749), piping user controlled input to mail is exploitable, since a line starting with "~! foo" in the input will run command foo. A core file named like that is not impossible, so guard against it in this example.

Sponsored-by: Jack Hill on Patreon
Diffstat (limited to 'ifne.docbook')
-rw-r--r-- ifne.docbook 2
1 files changed, 1 insertions, 1 deletions
diff --git a/ifne.docbook b/ifne.docbook
index e9c4569..2dbf215 100644
--- a/ifne.docbook
+++ b/ifne.docbook
@@ -79,7 +79,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<refsect1>
<title>EXAMPLE</title>
<cmdsynopsis>
- <command>find . -name core | ifne mail -s "Core files found" root</command>
+ <command>find . -name core | ifne mail -E 'set escape' -s "Core files found" root</command>
</cmdsynopsis>
</refsect1>
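Review bot: the new `<command>` line adds `-E 'set escape'` with no accompanying text in the EXAMPLE refsect1, so a man page reader cannot tell why the option is there, or that dropping it brings back the problem the commit message describes (input lines beginning with "~!" being run as commands by mail). Suggest a short `<para>` after the `<cmdsynopsis>` saying that the option turns off mail's escape sequences because the file names coming from find are not trusted input. The same paragraph should name the mail implementation whose `-E` is assumed, since the hunk uses the option letter without saying which mail it targets.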