Re: Unix * weirdness

[zinx () LINUXFREAK COM (Forever shall I be.)]

Blue Boar wrote:

> This is one of those funny thing I notice when doing my regular job.
>
> I had to clean out the following directory:  (It's from a firewall-1
> install, if you're curious)
>
> ls -al
> total 62
> -rw-r--r--   1 root     other         24 Apr 16  1999 -proc
> drwxr-xr-x  11 root     root         512 Dec 30 18:13 .
> drwxr-xr-x  23 root     root         512 Dec 30 17:25 ..
> drwx------   2 root     bin         1024 Aug  5 20:32 bin
> drwx------   2 root     bin          512 Jan 13  1999 cisco
> drwx------   2 root     bin          512 Jan 13  1999 doc
> drwx------   3 root     bin         1024 Apr 16  1999 lib
> drwx------   2 root     other      13312 Dec 22 00:01 log
> drwx------   2 root     root        8192 Jan 13  1999 lost+found
> drwx------   5 root     bin          512 Jan 13  1999 man
> drwx------   2 root     bin          512 Apr 16  1999 modules
> drwx------   2 root     bin         1024 Jan 13  1999 scripts
>
> # rm -R *
> rm: illegal option -- p
> rm: illegal option -- o
> rm: illegal option -- c
> usage: rm [-fiRr] file ...
>
> It took me a minute.  It's taking the file named -proc and parsing as
> if it was a set of command line options.  I guess this makes some
> sense.. I believe the shell just takes all the files and makes them all
> command-line parameters when you use *.

Yes, the shell only does the expansion, the program parses the command
line arguments.

> Naturally, I've been thinking about the possibilities...  I haven't
> had much time to work out details (got sucked into Y2K weekend
> work) so I wanted to pass this to the list for further explanation.
>
> BTW, I got rid of it with:
>
> # unlink -proc

at least with GNU rm (and i'm assuming all other versions have a similar
method), you can use rm -- -proc, but you could have also done rm ./-proc
(or in this case, rm -R ./*).

> So, I wonder what other kinds of traps can be laid for the root
> user or cron jobs, etc...  For example, here's a line from my
> S05RMTMPFILES in /etc/rc2.d dir, on a Solaris 2.6 machine.
> (Which is where this behavior was noticed):
>
> /usr/bin/rm -rf /tmp/*

All arguments will be prefixed with /tmp/ in this case, thus negating the
effect.  No vulnerability.

> So, if I can place an interestingly names file in /tmp
> (and anyone can) can I get interesting things to happen
> when the machine reboots.

Nope.

> For example, can I get a file with spaces in it?  How about
> the | (vertical bar) character?  How about a ; ?

Yes, but it won't matter, when it's expanded by the shell they will be
passed as if they were quoted.

> (Yes, I could test it myself if I had time at the moment.)
>
> Is this a really old "feature" that everyone knows about except me?

You need to learn more about how shell expanding, and 'rm' work :)

>                                               BB


--
Zinx Verituse (finger @bliss.penguinpowered.com for pgp/gpg keys)(new jul10/99)
pgp9FE5C9747EB8FF329BB13199C4008E67/gpg574673A12184A27A9EC0EDCCE132BCEF921B1558
0"2-1=0>0:1(2<192:0?0;0A0@2=0<0=1.0A2=0<2A0-">:#v_52*,@
55*-3*\68*-+,                                v  >