Bugtraq mailing list archives

Re: textcounter.pl (alternate fix)
From: sreid () ALPHA SEA-TO-SKY NET (Steve Reid)
Date: Thu, 25 Jun 1998 12:32:31 -0700

> The fix I present has the undesirable result that it means the user can
> create files with dangerous file names - the file gets created, and then
> someone comes along and does a "rm *", and that filename with a pipe
> character and evil command executes.

That shouldn't be a problem. Most (all?) shells will escape
metacharacters when expanding wildcards. If it doesn't, it could be
considered a bug in the shell.

What you _do_ have to worry about is filenames that look like options to
rm. If someone creates a file called "-Rf", doing an "rm *" could wipe
out subdirectories.
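An added example, not part of the original message: a POSIX shell demonstration, run entirely inside a throwaway temporary directory, of both points in the reply above (a file name containing a pipe is passed to rm as a literal argument, while a file named "-Rf" is parsed as options). It also shows two common mitigations the message does not mention, `rm -- *` and `rm ./*`. All file and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every path lives under a fresh mktemp directory.

# Build a scratch directory holding the two hostile names from the thread.
make_scratch() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub" && : > "$d/sub/keep.txt" && : > "$d/a.txt" || return 1
    : > "$d/-Rf"                # name that looks like rm options
    : > "$d/|touch INJECTED"    # name containing a pipe and a command
    printf '%s\n' "$d"
}

# Run one deletion style and report what happened.
# $1 = glob (rm *), dashdash (rm -- *), or dotslash (rm ./*)
run_case() {
    d=$(make_scratch) || return 1
    (
        cd "$d" || exit 1
        LC_ALL=C; export LC_ALL   # byte-order sort, so "-Rf" expands first
        case $1 in
            glob)     rm * ;;     # "-Rf" is parsed as options
            dashdash) rm -- * ;;  # "--" ends option parsing
            dotslash) rm ./* ;;   # every name starts with "./", never "-"
        esac
    ) 2>/dev/null || true         # the safe forms fail on the directory "sub"
    [ -e "$d/sub/keep.txt" ] && out="subdir-kept" || out="subdir-deleted"
    [ -e "$d/-Rf" ] && out="$out dashfile-kept" || out="$out dashfile-deleted"
    # If the pipe in the file name had been interpreted, INJECTED would exist.
    [ -e "$d/INJECTED" ] && out="$out injected" || out="$out not-injected"
    rm -rf -- "$d"
    printf '%s\n' "$out"
}

for mode in glob dashdash dotslash; do
    printf '%-9s %s\n' "$mode" "$(run_case "$mode")"
done
```

In the `glob` case the subdirectory is removed and the "-Rf" file itself survives, because rm consumed it as options rather than as a file to delete.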
