i think that this is not something related with OBSD security but with the correct use of the shell of course this is something that could happen
> Date: Tue, 9 Sep 2014 21:21:30 -0700 > Subject: Re: wildcard poisoning > From: [email protected] > To: [email protected] > CC: [email protected] > > On 9/9/14, Stefan Olsson <[email protected]> wrote: > > I came across an interesting article on wildcards in shell: > > http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt > > > > > > Tested some of the above in pdksh on a current OpenBSD-host: > > $ mkdir test > > $ cd test > > $ touch file1 file2 file3 "-rf" > > $ mkdir DIR1 DIR2 > > $ ls -al > > total 16 > > -rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 -rf > > drwxr-xr-x 4 sturban sturban 512 Sep 10 04:26 ./ > > drwxr-xr-x 10 sturban sturban 1024 Sep 10 04:25 ../ > > drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 DIR1/ > > drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 DIR2/ > > -rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file1 > > -rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file2 > > -rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file3 > > $ rm * > > $ ls -al > > total 8 > > -rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 -rf > > drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 ./ > > drwxr-xr-x 10 sturban sturban 1024 Sep 10 04:25 ../ > > $ touch file1 file2 file3 "-rf" > $ mkdir DIR1 DIR2 > $ ls -al > total 16 > -rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 -rf > drwxr-xr-x 4 sidster wheel 512 Sep 9 21:19 ./ > drwxrwxrwt 8 root wheel 1024 Sep 9 21:19 ../ > drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR1/ > drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR2/ > -rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file1 > -rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file2 > -rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file3 > $ rm ./* > rm: ./DIR1: is a directory > rm: ./DIR2: is a directory > noir $ ls -al > total 16 > drwxr-xr-x 4 sidster wheel 512 Sep 9 21:20 ./ > drwxrwxrwt 8 root wheel 1024 Sep 9 21:19 ../ > drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR1/ > drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR2/ > > be smarter than that. > > --patrick
