Vulnerability Development mailing list archives

Re: Unix * weirdness


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 1 Jan 2000 19:39:10 -0800



At least with GNU rm (and I'm assuming all other versions have a similar
method), you can use rm -- -proc, but you could have also done rm ./-proc
(or in this case, rm -R ./*).

I got a lot of replies suggesting these two methods.  I believe I tried
single-quoting the filename too, but that didn't work, which surprised me.

# rm '-test'
rm: illegal option -- t
rm: illegal option -- e
rm: illegal option -- s
rm: illegal option -- t
usage: rm [-fiRr] file ...

# rm \-test
rm: illegal option -- t
rm: illegal option -- e
rm: illegal option -- s
rm: illegal option -- t
usage: rm [-fiRr] file ...


All arguments will be prefixed with /tmp/ in this case, thus negating the
effect.  No vulnerability.

How about if there's a space in front?

Yes, but it won't matter, when it's expanded by the shell they will be
passed as if they were quoted.

That's what I wanted to know.  So why does the shell escape those,
and not the - ?  Why can't I single-quote around or manually escape
the - ?  (using /bin/sh in my examples.)  Someone know the section
of shell source code that does this part off of the top of their head?


You need to learn more about how shell expansion and 'rm' work :)


Hmm.. I just did. :)

Based on the number of responses I got, I owe everyone an apology for
posting a stupid question.  You all get a stupid question point.

I also apologize for so heavily moderating this thread.. lots of you
posted replies, but there were also lots of dups.  I generally used the
reply that got here first, or explained the point best IMO.  If you had
an interesting point that someone else didn't cover, and I didn't send
your post through, please re-post and point that out to me.

I'll go away for a while now, and see what default scripts I can
find that use * in stupid ways. :)

                                        BB
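
Added example, not part of the original post: a /bin/sh script that reproduces the behaviour discussed above. Quoting and backslash-escaping are removed by the shell before rm sees its arguments, while `--` and a `./` prefix change what rm actually receives. The scratch directory and the file names -test and keep are constructed for the illustration.

```shell
#!/bin/sh
# Added example; file names are constructed and live in a throwaway directory.
LC_ALL=C; export LC_ALL          # fixed glob sort order for repeatable output

# Print arguments exactly as a command receives them, one [bracketed] each.
show_argv() {
    for a in "$@"; do printf '[%s]' "$a"; done
}

# Create a scratch directory containing "-test" and "keep", run the named
# removal form inside it, and report whether "-test" is gone.
try_rm() {
    dir=$(mktemp -d) || return 1
    result=$(
        cd "$dir" || exit 1
        : > ./-test; : > ./keep
        case $1 in
            quoted)    rm '-test'  ;;   # shell strips quotes: argv[1] is -test
            backslash) rm \-test   ;;   # shell strips backslash: same argv
            dashdash)  rm -- -test ;;   # -- ends option parsing
            dotslash)  rm ./-test  ;;   # argument no longer starts with -
            glob)      rm ./*      ;;   # every expanded name gets the ./ prefix
        esac 2>/dev/null || true        # a failing rm is the expected outcome
        if [ -e ./-test ]; then echo kept; else echo removed; fi
    )
    rm -rf -- "$dir"
    echo "$result"
}

# What the glob hands to a command, with and without the ./ prefix.
glob_argv() {
    dir=$(mktemp -d) || return 1
    out=$(cd "$dir" && : > ./-test && : > ./keep && {
        if [ "$1" = prefixed ]; then show_argv ./*; else show_argv *; fi
    })
    rm -rf -- "$dir"
    echo "$out"
}

for form in quoted backslash dashdash dotslash glob; do
    printf '%-9s %s\n' "$form" "$(try_rm "$form")"
done
printf 'bare *:   %s\n' "$(glob_argv bare)"
printf './*:      %s\n' "$(glob_argv prefixed)"
```

The last two lines show why a bare * in a script is risky: the expanded name -test reaches the command as a leading-dash argument, whereas ./* delivers ./-test.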

