Message-ID: <53AE93A4.5090104@evolution-hosting.eu>
Date: Sat, 28 Jun 2014 12:06:28 +0200
From: fulldisclosure <fulldisclosure@...lution-hosting.eu>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Back To The Future: Unix Wildcards Gone Wild

On 27.06.2014 01:20, Julius Kivimäki wrote:
> Um, this is well documented behavior that's been around for decades. *
> expands to all files in the dir as arguments to whatever, if the filename
> is "--no-preserve-root -rf .." why shouldn't that be returned?
>

To be honest, bash shouldn't expand * to "file1 file2 file3 -rf..."; it should expand it to " 'file1' 'file2' 'file3' '\-rf'..." instead, with all meta chars escaped properly.

A few weeks ago, we had this discussion here about Windows 7 starting program.exe when you have "/program files(...." as a path name. That's the same "mishandling" of filenames as the above. Both should be properly escaped before they get processed.

Regards,
Marius Schwarz

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
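The glob behaviour discussed in this thread, as an added example that is not part of the original message: it shows what a command receives from `*` when a filename starts with `-`, and the two usual guards (`./*` and `--`). The temporary directory, the filename `-l` and all function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: runs in a throwaway directory, removed on exit.
export LC_ALL=C                      # deterministic glob order ("-l" sorts first)
demo_dir=$(mktemp -d) && cd "$demo_dir" || exit 1
trap 'cd / && rm -rf -- "$demo_dir"' EXIT
touch ./file1 ./file2 ./-l           # "-l" is a filename that looks like an option

# Number of arguments the command receives.
argc() { echo "$#"; }

# Number of arguments a typical option parser would treat as options.
optionlike() {
    n=0
    for arg in "$@"; do
        case $arg in
            -*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# The shell hands each filename over as one intact argv entry ...
bare_glob_argc()       { argc *; }          # 3
# ... but the receiving program cannot tell "-l" the file from "-l" the option.
bare_glob_optionlike() { optionlike *; }    # 1
# Guard 1: prefix the pattern so no expanded name can start with "-".
prefixed_optionlike()  { optionlike ./*; }  # 0

# The same effect with a real tool: ls takes "-l" as an option and lists only
# the two remaining files; with "--" it lists all three names.
ls_bare_lines()    { ls * | wc -l | tr -d ' '; }      # 2
# Guard 2: end option parsing explicitly before the glob.
ls_guarded_lines() { ls -- * | wc -l | tr -d ' '; }   # 3

echo "argv entries from *:        $(bare_glob_argc)"
echo "option-like entries (*):    $(bare_glob_optionlike)"
echo "option-like entries (./*):  $(prefixed_optionlike)"
echo "names listed by 'ls *':     $(ls_bare_lines)"
echo "names listed by 'ls -- *':  $(ls_guarded_lines)"
```
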