Reply to post:

Until last week, you could pwn KDE Linux desktop with a USB stick


Hmm. Is the volume label being passed to a shell for interpretation (hence allowing execution of the $(touch b), instead of just being passed as an argument to exec()? Why?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019