| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Jun 2014 15:02:23 +0200 From: Peter Stamfest <peter@...mfest.at> To: fulldisclosure@...lists.org Subject: Re: [FD] Back To The Future: Unix Wildcards Gone Wild Am 2014-06-26 19:56, schrieb Ivan Delalande: > Hi, > > On Thu, Jun 26, 2014 at 10:40:21AM +0200, defensecode wrote: >> We wanted to inform all major *nix distributions via our responsible >> disclosure policy about this problem before posting it, because it is >> highly likely that this problem could lead to local root access on many >> distributions. But, since part of this research contained in the document >> was mentioned on some blog entries, we are forced to release it in a >> full version. >> >> Download URL: >> http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt > What kind of response are you expecting from the various distros on this > exactly? Having "noglob" option enabled by default on all the shells on > the system? > > Thanks, The main issue here is, that nobody is using the double dash to inform utilities to stop option processing. the correct call for rm would always have to be rm <your options> -- * aliases come to mind as comes an option to have a shell expand wildcards to a list prefixed with a double dash IFF any file starts with a dash. Peter _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists