Vulnerability Development mailing list archives
Re: ls bug.
From: "Crist J. Clark" <crist.clark () attbi com>
Date: Sat, 16 Feb 2002 00:19:04 -0800
On Fri, Feb 15, 2002 at 04:04:34PM +0200, Ehud Tenenbaum wrote:
Hey again... Well no point to flame someone for making a mistake no big deal we are sorry for posting this ls bug which is not a bug.
Yes. There is a point. If you are not sure you have a security bug, feel free to post questions about _potential_ issues on this list; it is within the charter. Someone who asks, "Hey, is this a bug? Why does this happen?" would get much nicer treatment than a "Security Team" that makes an announcement about security bugs they have found when they really just don't have a basic understanding of how shell expansions work. The signal-to-noise ration out there is already low enough. The security community does not need people posting bogus alerts whenever someone sees behavior they do not understand.
Petrus : 2 ways to delete -ls ? well here is one rm -rf /full/path/-ls second one rm -rf ./-ls :P
Or, rm -- -ls This is handy for your "bug." You can do, ls -- * And not worry about what flags '*' may expand to. -- Crist J. Clark | cjclark () alum mit edu | cjclark () jhu edu http://people.freebsd.org/~cjc/ | cjc () freebsd org
Current thread:
- ls bug. Ehud Tenenbaum (Feb 15)
- Re: ls bug. Chris Faulhaber (Feb 15)
- Re: ls bug. Blue Boar (Feb 15)
- <Possible follow-ups>
- Re: ls bug. Ehud Tenenbaum (Feb 15)
- Re: ls bug. Crist J. Clark (Feb 16)
- Re: ls bug. Wodahs Latigid (Feb 15)