Vulnerability Development mailing list archives

Re: Unix * weirdness


From: imp () VILLAGE ORG (Warner Losh)
Date: Sat, 1 Jan 2000 21:22:52 -0700


In message <386EC85E.61F6F9C7 () thievco com> Blue Boar writes:
: I got a lot of replies suggesting these two methods.  I believe I tried
: single-quoting the filename too, but that didn't work, which surprised me.

This doesn't surprise me.  All you are doing by this is protecting
things against shell expansion.  Shell passes "-test" to rm if you
invoke it in any of the following ways:
        rm -test
        rm '-test'
        rm \-test
        rm "-test"

: How about if there's a space in front?

Like I said in other mail, after the globbing happens, the shell DOES
NOT rescan the line, so there is no vulnerability.

If we had a file named 'fred bob' and '-rf /', then rm * would result
in the shell calling[*] rm with the following args
        "rm"
        "-rf /"
        "fred bob"
        NULL

rm would see the first arg and getopt would try the 'r' flag, the 'f'
flag, the ' ' flag and the '/' flag.  The - at the beginning of the
arg causes all of the characters to be treated as single character
arguments.

: That's what I wanted to know.  So why does the shell escape those,
: and not the - ?  What can't I single-quote around or manually escape
: the - ?  (using /bin/sh in my examples.)  Someone know the section
: of shell source code that does this part off of the top of their head?

Because the shell doesn't consider - special[**].  It doesn't do
anything with - except pass it along.  So if you quote it, it will
still pass it along.  There's nothing to expand.  Quoting to protect
something from the shell doesn't have any effect on those things that
the shell doesn't use.

Warner

[*] Ok, shell calls execvp(2) or some other variant.

[**] OK, shell does use '-' for [a-z]-like phrases, but that's not
what we're talking about.
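As an added illustration (not part of Warner's mail or the thread), the script below reproduces the argv described above with a shell function standing in for rm, so nothing is deleted. Since '/' cannot appear in a Unix file name, the constructed name '-rf x' replaces the mail's '-rf /'; the 'fred bob' name is kept. The `flags_seen` helper spells out how getopt(3) would read such an argument, and the two `safe_argv_*` functions show the standard defences (`--` and `./*`) that the mail does not cover.

```shell
#!/bin/sh
# Added example, not part of the original mail: show the argv that `rm *`
# hands to rm in a directory holding 'fred bob' and a dash-prefixed name.
# A shell function stands in for rm, so nothing is ever deleted.
# '/' cannot occur in a file name, so '-rf x' (constructed) replaces the
# mail's '-rf /'.

LC_ALL=C; export LC_ALL   # deterministic glob ordering ('-' sorts before 'f')

# Stand-in for rm: print every argument it receives on its own line.
show_argv() {
    printf '%s\n' "$@"
}

# Create the demo directory with the two constructed file names; print its path.
make_demo_dir() {
    d=$(mktemp -d)
    : > "$d/fred bob"
    : > "$d/-rf x"
    printf '%s\n' "$d"
}

# argv as `rm *` would produce it: globbing happens once and the result is
# not rescanned, so "-rf x" and "fred bob" each arrive as one argument.
glob_argv() {
    ( cd "$1" && show_argv * )
}

# Two standard defences: `--` tells getopt that option parsing is over,
# and `./*` prefixes every match so no argument can begin with '-'.
safe_argv_dashdash() {
    ( cd "$1" && show_argv -- * )
}
safe_argv_dotslash() {
    ( cd "$1" && show_argv ./* )
}

# How getopt(3) reads one argument: a leading '-' turns each following
# character (including ' ') into a separate single-character option.
# Prints one option character per line; prints nothing for a non-option.
flags_seen() {
    case $1 in
        -?*) printf '%s' "${1#-}" | fold -w 1 ;;
    esac
}

# Demo run
demo=$(make_demo_dir)
echo "rm * would receive:";        glob_argv "$demo"
echo "rm -- * would receive:";     safe_argv_dashdash "$demo"
echo "rm ./* would receive:";      safe_argv_dotslash "$demo"
echo "getopt flags from '-rf x':"; flags_seen '-rf x'
rm -rf -- "$demo"
```

Running it shows "-rf x" arriving as a single argument exactly as the mail says, and `flags_seen` listing r, f, a space and x as the option characters getopt would try. Both defences keep the same two files in argv but stop the first one from being parsed as options.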
