Xref: utzoo news.sysadmin:1776 comp.unix.wizards:13098
Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!vsi1!lmb
From: lmb@vsi1.UUCP (Larry Blair)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: Trojan horse possible with news readers
Message-ID: <1261@vsi1.UUCP>
Date: 2 Dec 88 17:40:54 GMT
References: <6775@rosevax.Rosemount.COM>
Reply-To: lmb@vsi1.UUCP (Larry Blair)
Organization: VICOM Systems Inc., San Jose, CA
Lines: 13

In article <6775@rosevax.Rosemount.COM> merlyn@ernie.rosemount.com writes:
=Many news reading programs (rn, vnews, others?) allow you include the
=original text when following-up or replying-to articles.  The
=default editor is usually vi; some versions of vi will execute
=commands if it sees a line (near the top or bottom of a file)
=of the form <:><:>

The newsreader I use (rn) prepends a string to the included text.
I don't believe that those braindamaged versions of vi will execute:

> ex:!sh -c 'echo any command'>/tmp/NEWSBUG:
-- 
Larry Blair   ames!vsi1!lmb   lmb%vsi1.uucp@ames.arc.nasa.gov