Don't run diff3 -e on arbitrary files
diff3 - 3-way differential file comparison
diff3 [-3aEeXx] file1 file2 file3
The diff3 utility compares the contents of three different versions of a
file, file1, file2 and file3, writing the result to the standard output.
-e Produces output in a form suitable as an input script for the
ed(1) utility. The script may then be used to merge differences
common between all three files and differences specific to file1
and file3. In other words, the -e option ignores differences
specific to file1 and file2, and those specific to file2 and
file3. It is useful for backing out changes specific to file2
-x Produces an output script suitable for ed(1) with changes
specific only to all three versions.
The -e option cannot catch and change lines which have `.' as the first
and only character on the line. The resulting script will fail on that
line as `.' is an ed(1) editing command.
Hm. So it sounds like diff3 will copy any dots verbatim. The dot causes ed to
stop editing, and accept further commands. Of course, ed supports ! to execute
It's now not too difficult to craft a bad input Create empty file1 and file2.
Then create file3 as follows:
$ diff3 -e file1 file2 file3
which is an ed script which will run whoami:
$ diff3 -e file1 file2 file3 | ed file1
Suppose the lesson here is simple: where there is smoke, there is fire.
Bugs are often indicative of security issues.