On Wed, 18 Nov 2020 11:48:52 +0000, Jonathan Buzzard said:

> So what do I mean by "wacky" characters. Well remember a file name can
> have just about anything in it on Linux with the exception of '/', and

You want to see some fireworks? At least at one time, it was possible to use a file system debugger that's all too trusting of hexadecimal input and create a directory entry of '../'. Let's just say that fs/namei.c was also far too trusting, and fsck was more than happy to make *different* errors than the kernel was....

> The obvious ones are spaces, but it's not just ASCII 0x20, but tabs too.
> Then there is the use of the wildcard characters, especially '?' but
> also '*'.

Don't forget ESC, CR, LF, backticks, forward ticks, semicolons, and pretty much anything else that will give a shell indigestion. SQL isn't the only thing prone to injection attacks.. :)
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
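Added example, not part of the original message: a POSIX shell sketch of why the characters named in the thread upset scripts, comparing a word-splitting loop over `ls` output with a quoted glob loop, plus a check that flags names outside a conservative allowlist. The function names, the allowlist and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Build a constructed sample tree whose names contain characters from the thread.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    nl='
'
    tab=$(printf '\t')
    : > "$dir/plain.txt"
    : > "$dir/has space.txt"
    : > "$dir/has${tab}tab.txt"
    : > "$dir/has${nl}newline.txt"
    : > "$dir/star*.txt"
    : > "$dir/what?.txt"
    : > "$dir/semi;colon.txt"
    : > "$dir/back\`tick.txt"
    printf '%s\n' "$dir"
}

# Fragile: unquoted $(ls) is split on space, tab and newline, then globbed.
count_naive() (
    cd "$1" || exit 1
    n=0
    for f in $(ls); do n=$((n + 1)); done
    printf '%s\n' "$n"
)

# Robust: glob results are never word-split; each "$f" is exactly one name.
count_safe() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# Flag names with any character outside an assumed allowlist (A-Za-z0-9._-).
count_hazardous() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *[!A-Za-z0-9._-]*) n=$((n + 1)) ;;
        esac
    done
    printf '%s\n' "$n"
}

d=$(make_sample_tree)
printf 'naive=%s safe=%s hazardous=%s\n' \
    "$(count_naive "$d")" "$(count_safe "$d")" "$(count_hazardous "$d")"
rm -rf -- "$d"
```

The tree holds eight files; the naive loop reports more than eight because names containing a space, tab or newline are each split into two words.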
