henry (02/17/83)
Made a simple modification to the uuxqt program to reject command lines containing almost any shell metacharacter. This plugs, fairly simply, a multitude of well-known security problems. (Uuxqt attempts to decide whether the command the remote system has asked for is legitimate; the problems arise from being able to "hide" commands within shell syntax that's tricky enough to confuse uuxqt. The change simply outlaws all but the most straightforward shell syntax, which is no loss in this context.)