R – How to sanitize Erlang input


I was playing around with the erlang shell today and noticed that I could do command injections, something like the following:

io:get_chars("Cmd> ", 3).
Cmd> Dud List=[3,4,5]. io:get_line("I just took over your shell!").

Is there a way to sanitize the get_chars function's input so this isn't possible?

Best Solution

you aren't really doing command injections. io:get_chars("Cmd> ", 3). simply does it's job: read 3 characters from the input stream. everything entered after these is processed by the erlang shell as part of the normal read-eval-print loop.