Vulnerability Development mailing list archives

Re: ls bug.

From: Chris Faulhaber <jedgar () fxp org>
Date: Fri, 15 Feb 2002 08:58:00 -0500

On Fri, Feb 15, 2002 at 08:27:38AM +0200, Ehud Tenenbaum wrote:

Greetings,

...


ls reading flags from filename which might lead to root backdoor as a
concept, i.e. cat >-ls;id and the wait for root to ls * .


The problem is your shell is expanding the '*' before ls(1)
is called so ls(1) sees:

ls -ls <your files here> ...

Try adding a '--' before the '*':

$ ls -- *

which should give you the correct output.

-- 
Chris D. Faulhaber - jedgar () fxp org - jedgar () FreeBSD org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

Attachment: _bin
Description:

Current thread:

ls bug. Ehud Tenenbaum (Feb 15)
- Re: ls bug. Chris Faulhaber (Feb 15)
- Re: ls bug. Blue Boar (Feb 15)
- <Possible follow-ups>
- Re: ls bug. Ehud Tenenbaum (Feb 15)
  - Re: ls bug. Crist J. Clark (Feb 16)
- Re: ls bug. Wodahs Latigid (Feb 15)