Re: Strange file -i
From: Stephane Chazelas
Subject: Re: Strange file -i
Date: Thu, 5 Mar 2015 20:52:24 +0000
User-agent: Mutt/1.5.21 (2010-09-15)
2015-03-05 15:20:44 -0500, Chet Ramey:
[...]
> For example, I never do this:
>
> > $ perl -ne 'print if /foo/' *
>
> I just use grep directly.
That was just a basic example.
What about:
sed 's/foo/bar/g' *
?
> Or this:
>
> > rm -- *
[...]
Then you're in for some bad surprises some day.
You should definitely do that in scripts that you share with
others at least. Not doing it is introducing a security
vulnerability.
sed 's/foo/bar/' *
is OK with non-GNU seds, but with GNU sed (that accepts options
after arguments), it's an arbitrary command execution
vulnerability.
For instance, if there's a file called
-e1s:.*:uname>\&2:e (left there by another cheeky user, some
malware, or a dodgy tarball (like bash's, which contains a -i file
:-b)), then
sed s/foo/bar/ *
runs uname for every non-empty file in the directory.
--
Stephane
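The hardened invocation and a pre-flight check for option-looking file names, as an added example that is not part of the original message (the helper names, the temporary directory and the sample files are constructed for the demonstration):

```sh
#!/bin/sh
# Added example, not code from the original message.  It shows why a bare "*"
# after sed (or any tool that accepts options after operands) is unsafe, and
# two defensive measures: a pre-flight check for option-looking names and an
# invocation that ends option parsing before the glob is expanded.

# Print the entries in directory $1 (default ".") whose names begin with '-'.
# After a bare "*" these are parsed as options by GNU sed, GNU grep, rm, etc.
option_like_names() {
    for f in "${1:-.}"/-*; do
        [ -e "$f" ] || continue        # unmatched glob stays literal: skip it
        printf '%s\n' "${f##*/}"
    done
}

# Apply sed expression $1 to every file in directory $2 (default ".").
# "-e" marks the script as an option argument and "--" ends option parsing,
# so nothing the glob expands to can be taken as an option.  Writing the
# glob as "./*" would protect the same way.
safe_sed_all() {
    expr=$1
    dir=${2:-.}
    ( cd "$dir" && sed -e "$expr" -- * )
}

# Demonstration in a throwaway directory with constructed sample files.  The
# option-looking name used here is the harmless "-n" (sed's "quiet" flag)
# rather than an "e"-flag command; GNU sed still swallows it as an option,
# so the unsafe form prints nothing at all instead of "bar".
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'foo\n' > "$tmp/data.txt"
    : > "$tmp/-n"
    echo "option-like names: $(option_like_names "$tmp" | tr '\n' ' ')"
    echo "unsafe: $( cd "$tmp" && sed 's/foo/bar/' * )"
    echo "safe:   $(safe_sed_all 's/foo/bar/' "$tmp")"
    rm -rf "$tmp"
}

demo
```

With GNU sed the "unsafe:" line comes out empty because "-n" was taken as an option; the "safe:" line prints "bar" with any sed.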