Full Disclosure mailing list archives
Re: Back To The Future: Unix Wildcards Gone Wild
From: * <turmoil () privacyrequired com>
Date: Sat, 28 Jun 2014 11:40:49 -0700
On 06/28/2014 03:26 AM, steel-wing () att net wrote:
> Unfortunately, this analysis is just as flawed as defensecode's. Programs like 'rm' are even less "to blame" for this than the shell. As to the proposed solution: What you are suggesting is to have rm attempt to match every option passed to it against every single file before said file is to be removed. Correct?
I'm mostly siding with the others on the list saying this is both very old, and mostly a non-issue, but the problem shown isn't in called programs, like rm, but of the shell. If there ever is to be a fix for this, it'd probably be to have an option of the shell to warn the user that there are strings in any expanded variables that may be interpreted as -arguments.
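A sketch of the kind of shell-side warning discussed in this message, as an added example that is not part of the original post or of any shell. The function names `optlike_files`, `guarded` and `demo` are hypothetical, and the check rests on one assumption: a word that begins with `-` and also names a file in the current directory most likely came from wildcard expansion rather than from the user typing an option.

```sh
#!/bin/sh
# Added example (hypothetical helper names), POSIX sh.

# Print every argument that looks like an option AND exists as a file in the
# current directory. Returns 1 if any were found, 0 otherwise.
optlike_files() {
    found=0
    for arg in "$@"; do
        case $arg in -*) ;; *) continue ;; esac
        if [ -e "./$arg" ] || [ -L "./$arg" ]; then
            printf '%s\n' "$arg"
            found=1
        elif [ "$arg" = -- ]; then
            break   # genuine end-of-options marker: the rest are operands
        fi
    done
    return "$found"
}

# Run "$@" only if no expanded argument would be parsed as an option.
guarded() {
    cmd=$1; shift
    if bad=$(optlike_files "$@"); then
        "$cmd" "$@"
    else
        printf 'refusing: file names would be parsed as options: %s\n' "$bad" >&2
        return 2
    fi
}

# Constructed demo in a throwaway directory holding a file named "-rf".
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > ./-rf; : > ./notes.txt; mkdir ./keep
        guarded rm *        # refused: "*" expands to -rf keep notes.txt
        guarded rm -- *     # runs: -rf is removed as a file, keep/ survives
        ls -A
    )
    rm -rf -- "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Writing the glob as `./*` or placing `--` before it gives the same protection without any wrapper, since neither form lets a file name reach the option parser.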