Re: A simple hate today.


From: H.Merijn Brand
Subject: Re: A simple hate today.
Date: 20:58 on 25 May 2006
On Thu, 25 May 2006 21:48:32 +0200, Juerd <juerd@xxxxxxxxxxx.xx> wrote:

> H.Merijn Brand skribis 2006-05-25 21:46 (+0200):
> > > -? is still dangerous:
> > >     touch -- -r
> > >     foo -?
> > Your fault, core dumped.
> 
> Well, imagine "touch -- -r" was actually "bar /etc/passwd", which is
> closed source and left a file called "-r" in the cwd.

Sew them! Sew them! Priority 1 security problem :)

> Do you encourage running "ls" before using "-?", for security reasons?

I can't count the number of times I do 'l' (an alias for 'ls -a')

> > > Now, -? might resolve to -r, which in foo's case, means foo tries to
> > > delete every file in your home directory. Too bad.
> > That is unix. You asked for it, you got it.
> > That is why many shells have aliases and completions.
> > rm -i is the default for a lot of users
> 
> An alias for rm won't help against a direct unlink call.

true

-- 
H.Merijn Brand        Amsterdam Perl Mongers (http://amsterdam.pm.org/)
using & porting perl 5.6.2, 5.8.x, 5.9.x  on HP-UX 10.20, 11.00, 11.11,
& 11.23, SuSE 10.0, AIX 4.3 & 5.2, and Cygwin.       http://qa.perl.org
http://mirrors.develooper.com/hpux/           http://www.test-smoke.org
                       http://www.goldmark.org/jeff/stupid-disclaimers/
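
The expansion discussed in this message, as an added example that is not part of the original post: with a file named `-r` in the current directory, an unquoted `-?` reaches the program as `-r`, while quoting or a `./` prefix prevents that. `show_args` is a hypothetical stand-in for the thread's `foo` and only prints its arguments; the scratch directory and its contents are constructed.

```shell
#!/bin/sh
# show_args stands in for the thread's hypothetical "foo"; it only prints argv.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Constructed sample input: a scratch directory holding a file named "-r".
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/-r"
    printf '%s\n' "$d"
}

# Unquoted: the glob -? matches the file "-r", so the program receives -r.
unquoted() { ( cd "$1" && show_args -? ); }

# Quoted: no pathname expansion, the program receives the literal -?.
quoted() { ( cd "$1" && show_args '-?' ); }

# Anchored glob: every match starts with "./", so it cannot pass as an option.
anchored() { ( cd "$1" && show_args ./-? ); }

# Check: list entries in a directory whose names begin with "-".
dash_names() {
    ( cd "$1" || exit 1
      for f in ./-*; do
          if [ -e "$f" ]; then printf '%s\n' "${f#./}"; fi
      done )
}

demo=$(make_demo_dir)
unquoted "$demo"     # [-r]
quoted "$demo"       # [-?]
anchored "$demo"     # [./-r]
dash_names "$demo"   # -r
rm -rf -- "$demo"
```

In a directory with no matching file, the unquoted `-?` is passed through unchanged, which is why the same command line behaves differently depending on what the directory contains.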

Generated at 09:00 on 29 May 2006 by mariachi 0.52