The INQUIRE command performs symbol substitution on input, which can be
misused to break the COM-file.

Problem 1:
  $ INQUIRE FNM "File"

  'F$VERIFY(1)' is equivalent to $ SET VERIFY

Problem 2:
   $ INQUIRE FNM "File"

  'F$PID(SET)' and
  'F$CSID(SET)' and
  'F$CONTEXT("PROCESS",SET,"NODENAME","*","EQL")'
  are equivalent to $ SET=number

  (IF can also be used instead of SET)

Solution:
  replace
    $ INQUIRE FNM "File"
  with
    $ READ/PROMPT="File: " SYS$COMMAND FNM

Symbol substitutions as parameters can also be used to gain control.

Problem:
  $ READ/PROMPT="File: " SYS$COMMAND FNM
  $ TYPE 'FNM'

  @TT: + NLA0: + any DCL command will TYPE NLA0: and execute any DCL command

Solution:
  replace
    $ TYPE 'FNM'
  with
    $ TYPE &FNM