4. For those that like to use Wildcards - Please Read

For those that like to use Wildcards - Please Read

  • Moderator

    http://seclists.org/fulldisclosure/2014/Jun/136

    0
  • C

    But this stuff has been known for decades.  No harm in reminding people of old vulnerabilities and best practices, but it's certainly not another heart-bleed.

    0
  • K

    Clever but hard to exploit in reality. The command part of the command line is already set and can not be changed by the glob expansion so it's limited to changing the behaviour of known commands. Many times you're better off by not using wildcards at all, people tend to write silly commands likegrep -r foobar *etc. where it's better to replace the wildcard with a dot (.) and let grep(1) do the expansion and recursion itself. Also if you want to protect against such tricks you can use the end of arguments list -argument```

    alias rm='/bin/rm -i --'

    
That would no longer try to interpret file names like '-rf' as options if run as 'rm *'
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy