Am 2014-06-26 19:56, schrieb Ivan Delalande: > Hi, > > On Thu, Jun 26, 2014 at 10:40:21AM +0200, defensecode wrote: >> We wanted to inform all major *nix distributions via our responsible >> disclosure policy about this problem before posting it, because it is >> highly likely that this problem could lead to local root access on many >> distributions. But, since part of this research contained in the document >> was mentioned on some blog entries, we are forced to release it in a >> full version. >> >> Download URL: >> http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt > What kind of response are you expecting from the various distros on this > exactly? Having "noglob" option enabled by default on all the shells on > the system? > > Thanks,
The main issue here is, that nobody is using the double dash to inform utilities to stop option processing. the correct call for rm would always have to be rm <your options> -- * aliases come to mind as comes an option to have a shell expand wildcards to a list prefixed with a double dash IFF any file starts with a dash. Peter _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
