Walter wrote:

I managed to delete the files by recreating the directory.

Ah, you have the hacker nature, then. That is probably a Good Thing(TM) ... I was going to suggest

$ cp * ../otherdir/
$ cd .. && rmdir thatdir
$ mv otherdir thatdir


Not to seem ungrateful, but isn't it a Bad Thing that it
is not straightforward to delete any file on the system
(as root, and thwarted merely because of the characters in
the name of the file/directory)?  I'm not in a position to
mangle lynx, but oughtn't it to be able to zap ANY file
regardless of its name? (emacs is obtuse to me.) Is this
worthy of a PR?  Or are there other ways to kill a
malconforming file?  Why should an anonymous FTP user
be able to create a directory tree that the root account
of the machine can't traverse and delete normally? (Sigh.)

Last question first, because he has the
"cracker" nature?  Nah, nevermind; it
was probably a bot....

As a point of discussion, when was the
last time you attempted to remove a file
dropped by a Windows virus, and were
told, "no way, Jose`" ... (?)

I'm guessing that there is more to it
than the "characters in the name of
the file/directory".  Remember that
the characters we see are ultimately
a symbolic representation of another
type of data, and it is possible to construct
code that would deceive us, or our programs....

To attempt to answer the issue you describe,
on the surface we must assume that this is a
limitation of the interface, i.e. whatever shell you
are using, whatever shell/API/whatever
your application is using.  Obviously if
it can be created, it can be deleted, under
the right circumstances.  But your
removal tool must be at least as powerful
as the one that placed it there; and it's
quite possible that whatever did this is a
tad more powerful than tcsh or bash....

I'm sure if you wanted to write a better
shell, you'd be told to go right ahead :-)

Of more concern to me in this situation
would be .... if this anonymous FTP user
put this "weird" file on your system ... what
*else* did he put there?  Are you sure he
wasn't able to traverse the chrooted
ftp homedir?  If access was gained to the
filesystem at some lower level ... hmm....

I think you should definitely attempt
to analyze whether this machine has
been totally compromised...and quite
possibly treat it as such...of course,
I'm a little overcautious (read A**l) re:
security issues like this... ;-)

Maybe the security list; or, perhaps
better, another thread here to solicit
opinions on whether you have aught
to fear from this...but, maybe I'm just
plain wrong.

Kevin Kinsey
DaleCo, S.P.
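
Added example, not part of the original message or of any tool named in the thread: a Python sketch that treats directory entries as raw bytes, so it can report names a shell cannot easily display or type and then remove the tree without any quoting or globbing. The names in SAMPLE and the helper names are constructed for illustration.

```python
import os, stat, tempfile

# Constructed sample names (not from the thread); each is awkward in a shell.
SAMPLE = [b".. ", b"-rf", b"tab\there\n", b"\x7f\x08hidden", b"normal.txt"]

def suspicious(name):
    """Return the reasons a raw entry name is hard to type or display."""
    reasons = []
    if any(b < 0x20 or b >= 0x7F for b in name):
        reasons.append("non-printable byte")
    if name.startswith(b"-"):
        reasons.append("leading dash")
    if name != name.strip():
        reasons.append("leading/trailing whitespace")
    if name.strip(b". ") == b"":
        reasons.append("dots and spaces only")
    return reasons

def audit(root):
    """Walk root using bytes paths; return (path, reasons) for each odd name."""
    return [(os.path.join(d, n), suspicious(n))
            for d, dirs, files in os.walk(root)
            for n in dirs + files if suspicious(n)]

def remove_tree(root):
    """Delete everything below root, deepest first; return the entry count."""
    removed = 0
    for dirpath, dirs, files in os.walk(root, topdown=False):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow a symlink
            (os.rmdir if stat.S_ISDIR(mode) else os.unlink)(path)
            removed += 1
    return removed

def demo():
    """Build the constructed tree in a temp dir, audit it, then remove it."""
    root = os.fsencode(tempfile.mkdtemp())
    odd_dir = os.path.join(root, SAMPLE[0])
    os.mkdir(odd_dir)
    for name in SAMPLE[1:]:
        open(os.path.join(odd_dir, name), "wb").close()
    hits, removed = audit(root), remove_tree(root)
    os.rmdir(root)
    return hits, removed

if __name__ == "__main__":
    print(demo())  # repr of each bytes path shows the real bytes in the name
```

Running audit() over the whole FTP area before deleting anything keeps a record of what was dropped there.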