Vulnerability Development: Re: Unix * weirdness

Re: Unix * weirdness

From: Blue Boar <BlueBoar_at_THIEVCO.COM>
Date: Sat, 1 Jan 2000 19:39:10 -0800

>
> at least with GNU rm (and i'm assuming all other versions have a similar
> method), you can use rm -- -proc, but you could have also done rm ./-proc
> (or in this case, rm -R ./*).

I got a lot of replies suggesting these two methods. I believe I tried
single-quoting the filename too, but that didn't work, which surprised me.

# rm '-test'
rm: illegal option -- t
rm: illegal option -- e
rm: illegal option -- s
rm: illegal option -- t
usage: rm [-fiRr] file ...

# rm \-test
rm: illegal option -- t
rm: illegal option -- e
rm: illegal option -- s
rm: illegal option -- t
usage: rm [-fiRr] file ...

>
> All arguments will be prefixed with /tmp/ in this case, thus negating the
> effect. No vulnerability.

How about if there's a space in front?

> Yes, but it won't matter, when it's expanded by the shell they will be
> passed as if they were quoted.

That's what I wanted to know. So why does the shell escape those,
and not the - ? Why can't I single-quote around or manually escape
the - ? (using /bin/sh in my examples.) Someone know the section
of shell source code that does this part off of the top of their head?

>
> You need to learn more about how shell expanding, and 'rm' work :)
>

Hmm.. I just did. :)

Based on the number of responses I got, I owe everyone an apology for
posting a stupid question. You all get a stupid question point.

I also apologize for so heavily moderating this thread.. lots of you
posted replies, but there were also lots of dups. I generally used the
reply that got here first, or explained the point best IMO. If you had
an interesting point that someone else didn't cover, and I didn't send
your post through, please re-post and point that out to me.

I'll go away for a while now, and see what default scripts I can
find that use * in stupid ways. :)

                                        BB
Received on Jan 01 2000
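
An added example, not part of the original message: it shows that the shell removes quotes and backslashes before the command runs, so rm receives the same argument for '-test' and \-test, and how a script that clears a directory with * can stay safe. The function names show_argv, safe_clear and demo and the scratch files are constructed for illustration.

```sh
#!/bin/sh
# Added example (constructed names and files; not from the original post).

# Print each argument as the called program receives it, one per line.
show_argv() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Remove every entry in directory $1 that the glob * matches, safely:
# "--" ends option parsing and "./" keeps names from starting with "-".
safe_clear() {
    ( cd "$1" || exit 1
      for f in ./*; do
          [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob stays literal
          rm -f -- "$f"
      done )
}

# Build a scratch directory with awkward names, clear it with safe_clear,
# and report how many entries are left.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/-test"
    : > "$dir/ -f"        # leading space, the case asked about in the post
    : > "$dir/plain"
    safe_clear "$dir"
    left=$(ls -A "$dir" | wc -l)
    rmdir "$dir"
    echo "$left" | tr -d ' '
}

# Quoting and backslash are consumed by the shell: all three print [-test].
show_argv '-test'
show_argv \-test
show_argv "-test"
# The forms that do change what the command receives:
show_argv -- -test      # prints [--] then [-test]
show_argv ./-test       # prints [./-test]
echo "entries left after safe_clear: $(demo)"
```

Names produced by glob expansion are passed as separate arguments without further word splitting, which is why the leading-space file is handled as one name.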
