Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Back To The Future: Unix Wildcards Gone Wild

From: fulldisclosure <fulldisclosure () evolution-hosting eu>
Date: Sat, 28 Jun 2014 12:06:28 +0200
Am 27.06.2014 01:20, schrieb Julius Kivimäki:

Um, this is well documented behavior that's been around for decades. *
expands to all files in the dir as arguments to whatever, if the filename
is "--no-preserve-root -rf .." why shouldn't that be returned?


to be honest, bash shouldn't expand * to "file1 file2 file3 -rf..." it
should do it to "  'file1' 'file2' 'file3' '\-rf'..." instead, with all
meta chars escaped properly. A few weeks ago, we had this discussion
here about windows 7 starting program.exe when you have "/program
files(...." as a path name. That's the same "mishandling" of filenames
like the above is. Both should be properly escaped before it gets processed.

regards,
Marius Schwarz




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: