[7048] in bugtraq
Re: textcounter.pl (alternate fix)
daemon@ATHENA.MIT.EDU (Steve Reid)
Fri Jun 26 18:37:52 1998
Date: Thu, 25 Jun 1998 12:32:31 -0700
Reply-To: Steve Reid <sreid@ALPHA.SEA-TO-SKY.NET>
From: Steve Reid <sreid@ALPHA.SEA-TO-SKY.NET>
X-To: Andrew McNaughton <andrew@SQUIZ.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <v02120d07b1b65ef8b863@[192.168.1.2]>
> The fix I present has the undesirable result that it means the user can
> create files with dangerous file names - the file gets created, and then
> someone comes along and does a "rm *", and that filename with a pipe
> character and evil command executes.
That shouldn't be a problem. Most (all?) shells will escape
metacharacters when expanding wildcards. If it doesn't, it could be
considered a bug in the shell.
What you _do_ have to worry about is filenames that look like options to
rm. If someone creates a file called "-Rf", doing an "rm *" could wipe
out subdirectories.
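The two points made above (a metacharacter inside a filename stays literal when a glob expands, while a filename such as "-Rf" is parsed by rm as an option) can be checked in a throwaway directory. The script below is an added example, not code from the original post or from textcounter.pl; it assumes a POSIX sh with mktemp -d, and the function names and the sandbox layout are its own. It uses the defensive idiom of prefixing each glob result with "./" and terminating rm's option list with "--", so that no expanded name can be taken as an option.

```shell
#!/bin/sh
# Added example (not part of the original post): build a sandbox directory
# holding a file named "-Rf", a file named "a|b" and a subdirectory, then
# delete only the regular files without letting "-Rf" act as an rm option.

# Create the sandbox and print its path. The filenames below are
# constructed for this demonstration.
make_sandbox() {
    d=$(mktemp -d) || return 1
    : > "$d/-Rf"            # looks like an option to rm
    : > "$d/a|b"            # contains a shell metacharacter
    mkdir "$d/subdir"
    : > "$d/subdir/keep"    # must survive the cleanup
    printf '%s\n' "$d"
}

# Print how many separate arguments "*" expands to in the sandbox.
# The "|" in "a|b" is never re-parsed by the shell: it stays inside a
# single argument, so three entries give exactly three arguments.
count_glob_args() {
    ( cd "$1" && set -- * && printf '%s\n' "$#" )
}

# Remove the regular files in the sandbox. "./*" turns "-Rf" into "./-Rf",
# which rm cannot mistake for an option, and "--" ends option parsing as a
# second line of defence. Directories are skipped, so nothing recursive
# can happen. Returns 0 if subdir/keep is still present afterwards.
safe_remove_files() {
    ( cd "$1" && for f in ./*; do
          if [ -f "$f" ]; then rm -- "$f"; fi
      done )
    [ -f "$1/subdir/keep" ]
}

# Stand-alone run: build the sandbox, clean it safely, report, remove it.
sandbox=$(make_sandbox)
printf 'glob expands to %s separate arguments\n' "$(count_glob_args "$sandbox")"
safe_remove_files "$sandbox" && printf 'subdir/keep survived the cleanup\n'
rm -r -- "$sandbox"
```

The same protection applies to any command that takes a glob: write `rm -- *` or `rm ./*` rather than a bare `rm *`, and when scripts build file lists for other tools (tar, chmod, cp), pass `--` or a `./` prefix there as well.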