Vulnerability Development mailing list archives
Re: Unix * weirdness
From: ysyi () TACO ASYNC ORG (Yong S. Yi)
Date: Sat, 1 Jan 2000 17:22:36 -0500
Blue Boar stuffed this in my mailbox Today (01/01/00) at 2:04pm:
This is one of those funny thing I notice when doing my regular job. # rm -R * rm: illegal option -- p rm: illegal option -- o rm: illegal option -- c usage: rm [-fiRr] file ... It took me a minute. It's taking the file named -proc and parsing as if it was a set of command line options. I guess this makes some sense.. I believe the shell just takes all the files and makes them all command-line parameters when you use *.
Right, that's shell expansion for wildcards.
BTW, I got rid of it with: # unlink -proc
Try something like "rm ./-proc", "rm -- -proc", etc.
So, I wonder what other kinds of traps can be laid for the root user or cron jobs, etc... For example, here's a line from my S05RMTMPFILES in /etc/rc2.d dir, on a Solaris 2.6 machine. (Which is where this behavior was noticed): /usr/bin/rm -rf /tmp/*
Nothing. Well, the files will get unlinked, but that's about all. That's matching (for example) "/tmp/-proc", not chdir()'ing into /tmp then running "rm -proc" (unlink()).
So, if I can place an interestingly names file in /tmp (and anyone can) can I get interesting things to happen when the machine reboots.
Not really; I'm sure if you worked out some buffer overflow with 'rm' yada yada (remember the bash PS1 deal?)...
For example, can I get a file with spaces in it? How about the | (vertical bar) character? How about a ; ?
Yes, you can create files with spaces in it, with |'s in it, and ;'s. Like, uh: % pwd /tmp/lame % ls -l -rw------- 1 ysyi ysyi 0 Jan 1 17:19 -asdf -rw------- 1 ysyi ysyi 0 Jan 1 17:19 as -rw------- 1 ysyi ysyi 0 Jan 1 17:19 asd sdk -rw------- 1 ysyi ysyi 0 Jan 1 17:19 asf;fj -rw------- 1 ysyi ysyi 0 Jan 1 17:19 dfklj % rm -rf /tmp/lame/* % ls %
(Yes, I could test it myself if I had time at the moment.)
You didn't have time to test *that*, yet you had time to write this e-mail?
Is this a really old "feature" that everyone knows about except me?
No feature about it -- it's just shell expansion, and the issue being more of a system administration thing than much else. -y. -- Yong S. Yi KeyID 1024/8B4FF151 http://async.org/~ysyi/ PGP Key Fingerprint = 3A 65 AE 82 07 2A EF 73 0B 84 67 5D 1D 96 9F 8D <ysyi () alf dec com> Enriched, VCard, and HTML messages > /dev/null
Current thread:
- Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Yong S. Yi (Jan 01)
- Re: Unix * weirdness Forever shall I be. (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Warner Losh (Jan 01)
- Re: Unix * weirdness Bernie Cosell (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)
- iishack/tesoiis.c - What's wrong ? Ory Segal (Jan 03)
- Re: iishack/tesoiis.c - What's wrong ? Seth Georgion (Jan 03)
- Re: iishack/tesoiis.c - What's wrong ? The Underground Legendary Emperor (Jan 04)
- Re: Unix * weirdness Blue Boar (Jan 01)
- Re: Unix * weirdness Blue Boar (Jan 01)