Re: netcat -e, the GAPING_SECURITY_HOLE. But, really?
I didn't realize it would be a problem. The reason I posted the link because the original link also has comments by other folks, which I thought members on this forum would like to read in context. Anyway, I'm including the question body inline now. Please reply... and don't be sarcastic this time, :-)
Why does the BSD version 1.10 of `nc` disable the `-e` option found in other, so-called insecure distributions when the same dangerous feature could be trivially achieved as follows even with the 'secure' version of `nc`:
Now, if I were to wrap-up the incantation on Machine A in a script (that, if passed a `-e` argument, effectively does the above), I have essentially introduced the 'gaping security hole' without having to step down to the Makefile and build level.
So, why go to the extent of `#define`-ing GAPING_SECURITY_HOME in `netcat.c`?