[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Back To The Future: Unix Wildcards Gone Wild



Am 27.06.2014 01:20, schrieb Julius Kivimäki:
> Um, this is well documented behavior that's been around for decades. *
> expands to all files in the dir as arguments to whatever, if the filename
> is "--no-preserve-root -rf .." why shouldn't that be returned?
>
to be honest, bash shouldn't expand * to "file1 file2 file3 -rf..." it
should do it to "  'file1' 'file2' 'file3' '\-rf'..." instead, with all
meta chars escaped properly. A few weeks ago, we had this discussion
here about windows 7 starting program.exe when you have "/program
files(...." as a path name. That's the same "mishandling" of filenames
like the above is. Both should be properly escaped before it gets processed.

regards,
Marius Schwarz




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/