Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    For those that like to use Wildcards - Please Read

    General pfSense Questions
    3
    3
    607
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177
      BBcan177 Moderator last edited by

      http://seclists.org/fulldisclosure/2014/Jun/136

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • C
        charliem last edited by

        But this stuff has been known for decades.  No harm in reminding people of old vulnerabilities and best practices, but it's certainly not another heart-bleed.

        1 Reply Last reply Reply Quote 0
        • K
          kpa last edited by

          Clever but hard to exploit in reality. The command part of the command line is already set and can not be changed by the glob expansion so it's limited to changing the behaviour of known commands. Many times you're better off by not using wildcards at all, people tend to write silly commands likegrep -r foobar *etc. where it's better to replace the wildcard with a dot (.) and let grep(1) do the expansion and recursion itself. Also if you want to protect against such tricks you can use the end of arguments list -argument```

          alias rm='/bin/rm -i --'

          
That would no longer try to interpret file names like '-rf' as options if run as 'rm *'
          1 Reply Last reply Reply Quote 0
          • First post
            Last post