Full Disclosure mailing list archives

Re: Back To The Future: Unix Wildcards Gone Wild


From: * <turmoil () privacyrequired com>
Date: Sat, 28 Jun 2014 11:40:49 -0700

On 06/28/2014 03:26 AM, steel-wing () att net wrote:
Unfortunately, this analysis is just as flawed as defencecode's.
Programs like 'rm' are even less "to blame" for this than the shell.
As to the proposed solution:
What you are suggesting is to have rm attempt to match every
option passed to it against every single file before said file
is to be removed. Correct?

I'm mostly siding with the others on the list saying this is both very
old, and mostly a non-issue, but the problem shown isn't in the called
programs, like rm, but in the shell.
If there ever is to be a fix for this, it'd probably be to have an
option of the shell to warn the user that there are strings in any
expanded variables that may be interpreted as -arguments.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
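
The shell-side warning suggested in the message above can be approximated in userland. The following is an added example, not code from the post or from any shell; the function names dash_names and run_on_glob are hypothetical.

```shell
#!/bin/sh
# Added example: warn when a glob expansion would produce option-like words.
# dash_names and run_on_glob are hypothetical helper names.

# Print the names in directory $1 (default: .) that an unquoted * would
# expand into words beginning with "-", which a command may parse as options.
# The body runs in a subshell so its variables do not leak to the caller.
dash_names() (
    dir="${1:-.}"
    for f in "$dir"/-*; do
        # An unmatched glob stays literal; skip it. -L keeps dangling symlinks.
        [ -e "$f" ] || [ -L "$f" ] || continue
        printf '%s\n' "${f##*/}"
    done
)

# Run "$@" over the non-hidden entries of the current directory, as
# "cmd *" would, but warn on stderr first and pass every name as ./name
# so that no expanded word can start with "-".
run_on_glob() {
    _hits=$(dash_names .)
    [ -z "$_hits" ] ||
        printf 'warning: option-like names in %s:\n%s\n' "$PWD" "$_hits" >&2
    for _f in ./*; do
        [ -e "$_f" ] || [ -L "$_f" ] || continue
        set -- "$@" "$_f"    # append to the command's argument list
    done
    "$@"
}
```

For a command that honours the POSIX end-of-options marker, `cmd -- *` has the same effect as the `./` prefix used here.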

