[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: du wildcards interpretation security flaw

From: Bob Proulx
Subject: Re: du wildcards interpretation security flaw
Date: Fri, 1 Mar 2002 21:24:46 -0700

> I ve got a file in my home directory, that begins with a "-".  See
> the output of du -sh * below. Maybe tomeone could place some nasty
> files in temp, and whet root does a du, then...

Please check out the faq on filenames that start with a dash.


> io-ii:/data/sort/johnny # du -sh *
> du: invalid option -- p
> Try `du --help' for more information.
> io-ii:/data/sort/johnny #
> io-ii:/data/sort/johnny # du -sh -- *
> 400k    -pilot-link.0.9.3.tar.bz2
> [...]

You have found the way to avoid having commands see filenames as
options.  Also works are 'du -sh ./*' etc.

> The exploit below doesn't work:
> touch \>\ xyz
> io-ii:/tmp/xxxxx # du -sh *
> 0       > xyz
> 0       a
> 0       aa
> 0       aaaa
> Maybe there are some more clever/nasty persons out there, who could
> develop a "better" exploit.

Just because you have a file named "> xyz" does not mean that file
globbing, the expansion of shell metacharacters into filenames, will
execute those names as commands.  Those are filenames and filenames
are NOT executed as shell commands.  There is no exploit here.  Thanks
for trying but you will have to do better.  :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]