.plan

Guy Harris guy at auspex.auspex.com
Wed Aug 30 04:15:48 AEST 1989


 >> Use only trusted applications which filter out the nasty sequences.  
 >
 >Don't "ls /tmp" since an evil user might give a file an evil name?

Or either 1) use only the BSD "ls" or 2) if you have a sufficiently
modern version of S5, use "ls" only with the "-q" or "-b" options, so
that non-printable characters are displayed as "?" or as "\nnn".

Of course, this doesn't cover all the programs that can be coaxed into
printing out evil file names....
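
The two display styles mentioned in the reply ("?" substitution and "\nnn" octal escapes), applied by a program other than "ls", as an added example that is not part of the original post. `safe_name`, `STYLE_Q` and `STYLE_B` are hypothetical names, and treating every byte outside printable ASCII as non-printable is this example's assumption.

```c
/* Added example: make file names safe to print on a terminal. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>

enum name_style { STYLE_Q, STYLE_B };  /* hypothetical: '?' vs. \nnn output */

/* Copy name into out, replacing every byte outside printable ASCII
 * (ESC, other control characters, DEL, 8-bit bytes). Returns how many
 * bytes were replaced, or -1 if out is too small. */
int safe_name(const char *name, enum name_style style, char *out, size_t outsz)
{
    size_t o = 0;
    int replaced = 0;

    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        char buf[5];
        if (*p >= 0x20 && *p < 0x7f && !(style == STYLE_B && *p == '\\')) {
            buf[0] = (char)*p;
            buf[1] = '\0';
        } else if (*p == '\\') {
            /* Example's choice: double a literal backslash in \nnn style
             * so it cannot be mistaken for an escaped byte. */
            strcpy(buf, "\\\\");
        } else {
            if (style == STYLE_Q)
                strcpy(buf, "?");
            else
                snprintf(buf, sizeof buf, "\\%03o", (unsigned)*p);
            replaced++;
        }
        size_t n = strlen(buf);
        if (o + n + 1 > outsz)
            return -1;
        memcpy(out + o, buf, n);
        o += n;
    }
    out[o] = '\0';
    return replaced;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    DIR *d = opendir(dir);
    struct dirent *e;
    char out[4 * 256 + 1];              /* worst case: every byte becomes \nnn */

    if (!d) { perror(dir); return 1; }
    while ((e = readdir(d)) != NULL) {
        int n = safe_name(e->d_name, STYLE_B, out, sizeof out);
        printf("%s%s\n", n < 0 ? "(name too long)" : out, n > 0 ? "   <-- escaped" : "");
    }
    closedir(d);
    return 0;
}
```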


