Vulnerability Development mailing list archives

Re: Unix * weirdness


From: ysyi () TACO ASYNC ORG (Yong S. Yi)
Date: Sat, 1 Jan 2000 17:22:36 -0500


Blue Boar stuffed this in my mailbox Today (01/01/00) at 2:04pm:
This is one of those funny things I notice when doing my regular job.

# rm -R *
rm: illegal option -- p
rm: illegal option -- o
rm: illegal option -- c
usage: rm [-fiRr] file ...

It took me a minute.  It's taking the file named -proc and parsing as if
it was a set of command line options.  I guess this makes some sense.. I
believe the shell just takes all the files and makes them all
command-line parameters when you use *.

Right, that's shell expansion for wildcards.

BTW, I got rid of it with:

# unlink -proc

Try something like "rm ./-proc", "rm -- -proc", etc.

So, I wonder what other kinds of traps can be laid for the root user or
cron jobs, etc...  For example, here's a line from my S05RMTMPFILES in
/etc/rc2.d dir, on a Solaris 2.6 machine. (Which is where this behavior
was noticed):

/usr/bin/rm -rf /tmp/*

Nothing. Well, the files will get unlinked, but that's about all. That's
matching (for example) "/tmp/-proc", not chdir()'ing into /tmp then
running "rm -proc" (unlink()).

So, if I can place an interestingly named file in /tmp (and anyone can)
can I get interesting things to happen when the machine reboots?

Not really; I'm sure if you worked out some buffer overflow with 'rm' yada
yada (remember the bash PS1 deal?)...

For example, can I get a file with spaces in it?  How about the |
(vertical bar) character?  How about a ; ?

Yes, you can create files with spaces in them, with |'s in them, and ;'s.

Like, uh:

% pwd
/tmp/lame
% ls -l
-rw-------   1 ysyi     ysyi            0 Jan  1 17:19 -asdf
-rw-------   1 ysyi     ysyi            0 Jan  1 17:19 as
-rw-------   1 ysyi     ysyi            0 Jan  1 17:19 asd sdk
-rw-------   1 ysyi     ysyi            0 Jan  1 17:19 asf;fj
-rw-------   1 ysyi     ysyi            0 Jan  1 17:19 dfklj
% rm -rf /tmp/lame/*
% ls
%

(Yes, I could test it myself if I had time at the moment.)

You didn't have time to test *that*, yet you had time to write this
e-mail?

Is this a really old "feature" that everyone knows about except me?

No feature about it -- it's just shell expansion, and the issue being more
of a system administration thing than much else.

-y.

--
Yong S. Yi          KeyID 1024/8B4FF151        http://async.org/~ysyi/
PGP Key Fingerprint = 3A 65 AE 82 07 2A EF 73  0B 84 67 5D 1D 96 9F 8D
<ysyi () alf dec com>      Enriched, VCard, and HTML messages > /dev/null
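
The expansion behaviour discussed in this message, as an added example that is not part of the original post: it counts how many words each glob style hands to a command and how many of them begin with a dash, then empties the directory using the `./` and `--` forms suggested in the reply. The function names and the scratch files are constructed for the illustration.

```shell
#!/bin/sh
# Added example. All file names below are constructed for the demonstration.

# Build a scratch directory with the kinds of names from the thread.
make_fixture() {
    d=$(mktemp -d) || return 1
    touch "$d/-proc" "$d/as" "$d/asd sdk" "$d/asf;fj"
    printf '%s\n' "$d"
}

# Print "<words> <option-like words>" for an already-expanded argument list.
# A command only ever sees these words; it cannot tell a glob produced them.
summarize() {
    optlike=0
    for arg in "$@"; do
        case $arg in -*) optlike=$((optlike + 1)) ;; esac
    done
    printf '%s %s\n' "$#" "$optlike"
}

# Expand a glob inside directory $1 in one of three styles and summarize it.
expand() {
    (
        cd "$1" || exit 1
        case $2 in
            relative) summarize * ;;         # -proc as "asd sdk" "asf;fj"
            dotslash) summarize ./* ;;       # ./-proc ./as ...
            absolute) summarize "$PWD"/* ;;  # full paths, as in the rc script
        esac
    )
}

# Empty a directory with both safeguards from the reply: "./" and "--".
empty_dir() {
    ( cd "$1" && rm -rf -- ./* )
}

demo() {
    dir=$(make_fixture) || return 1
    for style in relative dotslash absolute; do
        printf '%-9s %s\n' "$style" "$(expand "$dir" "$style")"
    done
    empty_dir "$dir" && rmdir "$dir"
}
demo
```

Each name stays a single word after expansion, spaces and `;` included, and only the relative `*` form yields a word that a command would parse as options.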


