As of Miller 5.9.0, you can have a
.mlrrc
file containing preferred flags.
As reported in https://github.com/johnkerl/miller/issues/363, it would be possible for someone to prepare a repository or some other zipfile/tarfile, for example, containing datasets, and send it to you. They could have a line of the form prepipe do_something_bad; cat
in that repository, so when you ran any mlr
commands in there, it would run the do_something_bad
command (whatever that might be).
The fix is (a) disallow prepipe
within .mlrrc files
; (b) as a consolation, allow new prepipe-zcat
and prepipe-gunzip
options which are safe to use.