
[LUG] Linux wildcard poison vulnerability

 

This is interesting, and could potentially have serious consequences -
even if the attack vector is probably rather small.

http://www.theregister.co.uk/2014/07/03/unix_wildcard_vuln_lets_hackers_modify_shell_scripts/

The idea is that many Linux (and Unix) commands are invoked using
wildcards:

  command *

which takes all files in the current directory as arguments. Everyone
who's ever worked with the command line will know this. Just like they
know that options are given to the command as arguments that start with
a dash.

But what if the current directory contains two files: 'foo.txt' and
'-al'? Then a command like

  ls *

is interpreted as

  ls foo.txt -al

in other words, as the command 'ls' with options 'al' on the file
foo.txt. And indeed, rather than a simple list of all the files in the
current directory you get a 'list' consisting solely of foo.txt, but
with its attributes shown.

Martijn.




-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
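
The foo.txt / '-al' case from the message above, reproduced in a scratch directory next to two ways of keeping expanded filenames from being parsed as options. This is an added example, not part of the original post; the function names (make_sample_dir, list_with, find_dash_names) and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Create the constructed directory from the post: files 'foo.txt' and '-al'.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/foo.txt"
    : > "$d/-al"
    printf '%s\n' "$d"
}

# Run ls over the directory's glob in one of three styles and print its output.
#   unsafe: ls *      the name '-al' reaches ls as options
#   dashes: ls -- *   '--' ends option parsing, so '-al' is an operand
#   dotrel: ls ./*    every expanded name starts with './', never with '-'
list_with() {
    (
        cd "$1" || exit 1
        case $2 in
            unsafe) ls * ;;
            dashes) ls -- * ;;
            dotrel) ls ./* ;;
            *) exit 2 ;;
        esac
    )
}

# Print names in a directory that begin with '-' (candidates for being
# parsed as options by any command later run with a bare '*').
find_dash_names() {
    for f in "$1"/-*; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# Demo on the constructed directory.
demo_dir=$(make_sample_dir)
for mode in unsafe dashes dotrel; do
    printf '== %s ==\n' "$mode"
    list_with "$demo_dir" "$mode"
done
printf 'dash-prefixed names: %s\n' "$(find_dash_names "$demo_dir")"
rm -rf -- "$demo_dir"
```

In scripts, `./*` is the more portable of the two forms, since it also protects commands that do not honour `--`.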