[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Back To The Future: Unix Wildcards Gone Wild

To: defensecode <defensecode@xxxxxxxxxxxxxxx>, fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Back To The Future: Unix Wildcards Gone Wild
From: Nick Lindridge <nick@xxxxxxxxxxx>
Date: Fri, 27 Jun 2014 11:39:22 +0100

This is an interesting old trick but not any fault with the wildcardmechanism (though a bit array indicating whether an argv item is theresult of an expansion would be nice). Taking the rm program as anexample, the vulnerability report should really be citing rm asvulnerable for failing to factor knowledge of this behaviour into somesanity checking. As a start, rm could test to see whether any of thecommand line options match files to be removed, knowing that the optioncould then have come from an unintended wildcard expansion. The programcould then require an option to force the operation.

If we accept therefore that the deficiency is with the utilitiesthemselves, perhaps you could research and contribute a vulnerabilityreport that lists all of the commonly used programs that could beaffected by this behaviour. Such a report could set the basis for a roadmap of improvement in the listed utilities.


Nick

On 26/06/2014 09:40, defensecode wrote:

Hi,

We wanted to inform all major *nix distributions via our responsible
disclosure policy about this problem before posting it, because it is
highly likely that this problem could lead to local root access on many
distributions. But, since part of this research contained in the document
was mentioned on some blog entries, we are forced to release it in a
full version.

Download URL:
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

Regards,
Leon Juranic


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


--
Best regards
Nick
--
ionCube Software LLP
@ioncube / uk.linkedin.com/in/nicklindridge
+44-208-099-3608


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Back To The Future: Unix Wildcards Gone Wild
  - From: steel-wing

References:
- [FD] Back To The Future: Unix Wildcards Gone Wild
  - From: defensecode

Prev by Date: Re: [FD] Back To The Future: Unix Wildcards Gone Wild
Next by Date: Re: [FD] Back To The Future: Unix Wildcards Gone Wild
Previous by thread: Re: [FD] Back To The Future: Unix Wildcards Gone Wild
Next by thread: Re: [FD] Back To The Future: Unix Wildcards Gone Wild
Index(es):
- Date
- Thread