TIL zgrep(1) is a shell script. BSD basically does “zcat | grep”, but GNU does “gzip -dc | sed”. How did I learn that? The fun way! CVE-2022-1271, arbitrary-file-write _and_ code execution vulnerability in GNU zgrep / gzip. https://t.co/gvSYfuahcq