Re: [Fwd: Re: deleting directories with ??? in name]
On Mon, Mar 15, 2004 at 07:07:46PM -0800, Chris Pressey wrote: That wouldn't explain why 'rm -i *' returned 'no match', though. Just to eliminate the obvious: did these weird filenames begin with a '.'? Shell globbing treats file names with a leading period specially. You'ld have to do: % ls -d .* to get a listing of those files, and: % rm -ri .[^.]* to delete them. Note the extra effort taken to avoid matching the special names '.' and '..' -- doing a recursive delete of '..' is a real foot-shooting exercise. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: [Fwd: Re: deleting directories with ??? in name]
Chris Pressey wrote: Walter, out of curiousity, what FTP server were you running, and (if you remember) what was the exact output of ls -aB ? I'm running, at the moment, the default ftpd in FBSD 4.6.2. (Yeah, I know, it's way old.) I don't remember the exact output, but contained mostly odd characters, \216, \235, \237, and \377 with a few printable letters. I don't remember even if there were leading dots on the names. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Fwd: Re: deleting directories with ??? in name]
Matthew Seaman wrote: On Mon, Mar 15, 2004 at 07:07:46PM -0800, Chris Pressey wrote: That wouldn't explain why 'rm -i *' returned 'no match', though. Just to eliminate the obvious: did these weird filenames begin with a '.'? Shell globbing treats file names with a leading period specially. You'ld have to do: % ls -d .* to get a listing of those files, and: % rm -ri .[^.]* to delete them. Note the extra effort taken to avoid matching the special names '.' and '..' -- doing a recursive delete of '..' is a real foot-shooting exercise. Cheers, Matthew I don't remember whether the files had leading dots or not. Sorry. But I'll keep this method in mind if it happens again. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[Fwd: Re: deleting directories with ??? in name]
I managed to delete the files by recreating the directory. Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) Original Message Subject: Re: deleting directories with ??? in name Erik Trulsson wrote: On Mon, Mar 15, 2004 at 03:51:37PM -0800, Derrick Ryalls wrote: I've tried lynx, but it did not display the files. I tried emacs, but I was only able to rename two of the directories to other names I could delete; the other two gave me an error of illegal character. I tried 'rm -i -- ?*' but it didn't find the files. I tried 'find . -inum 146 -delete' but while it gave no error message, the files/directories remain. Help! How do I delete these odd directories? Please CC me in your response as I'm not currently subscribed to the List. #mkdir dir?me #rmdir dir\?me That assumes that filenames actually contain questionmarks. ls(1) by default displays all unprintable characters as question marks. To see what the filenames actually are use 'ls -aB'. To delete files with strange names you can always do a 'rm -i *' and answer 'y' only for the weird files. 'rm -i *' returns no match 'ls -aB' shows me the file names, but even after carefully typing in what it shows me in an 'rm' command (name in quotes) says not found. There are \216, \235, \237, and \377 characters in the names, if this matters. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Fwd: Re: deleting directories with ??? in name]
Walter wrote: I managed to delete the files by recreating the directory. Ah, you have the hacker nature, then. That is probably a Good Thing(TM) ... I was going to suggest $cp * ../otherdir/ $cd .. rmdir thatdir $mv otherdir thatdir :-) Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) Last question first, because he has the cracker nature? Nah, nevermind; it was probably a bot As a point of discussion, when was the last time you attempted to remove a file dropped by a Windows virus, and were told, no way, Jose` ... (?) I'm guessing that there is more to it than the characters in the name of the file/directory. Remember that the characters we see are ultimately a symbolic representation of another type of data, and it is possible to construct code that would deceive us, or our programs To attempt to answer the issue you describe, on the surface we must assume that this is a limitation of the interface, i.e. whatever shell you are using, whatever shell/API/whatever your application is using. Obviously if it can be created, it can be deleted, under the right circumstances. But your removal tool must be at least as powerful as the one that placed it there; and it's quite possible that whatever did this is a tad more powerful than tcsh or bash I'm sure if you wanted to write a better shell, you'd be told to go right ahead :-) Of more concern to me in this situation would be if this anonymous FTP user put this weird file on your system ... what *else* did he put there? Are you sure he wasn't able to traverse the chrooted ftp homedir? If access was gained to the filesystem at some lower level ... hmm I think you should definitely attempt to analyze whether this machine has been totally compromised...and quite possibly treat it as such...of course, I'm a little overcautious (read A**l) re: security issues like this... ;-) Maybe the security list; or, perhaps better, another thread here to solicit opinions on whether you have aught to fear from this...but, maybe I'm just plain wrong. Kevin Kinsey DaleCo, S.P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Fwd: Re: deleting directories with ??? in name]
Walter [EMAIL PROTECTED] writes: I managed to delete the files by recreating the directory. Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) It sounds like you're just unfamiliar with shell quoting rules. Maybe you'd find it easier with a different shell? [root uses csh by default, which I find much more arcane than sh] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Fwd: Re: deleting directories with ??? in name]
On 15 Mar 2004 20:26:12 -0500 Lowell Gilbert [EMAIL PROTECTED] wrote: Walter [EMAIL PROTECTED] writes: I managed to delete the files by recreating the directory. Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) It sounds like you're just unfamiliar with shell quoting rules. That wouldn't explain why 'rm -i *' returned 'no match', though. I think it's more likely that (for whatever reason) the FTP server is allowing files to be created with extremely funky filenames - possibly embedded NULs? I wouldn't have thought this was possible with open(2) or fopen(3) - and I wouldn't think that an FTP server would use some other method of creating a file... Walter, out of curiousity, what FTP server were you running, and (if you remember) what was the exact output of ls -aB ? -Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [Fwd: Re: deleting directories with ??? in name]
On Mon, Mar 15, 2004, Chris Pressey wrote: On 15 Mar 2004 20:26:12 -0500 Lowell Gilbert [EMAIL PROTECTED] wrote: ... That wouldn't explain why 'rm -i *' returned 'no match', though. I think it's more likely that (for whatever reason) the FTP server is allowing files to be created with extremely funky filenames - possibly embedded NULs? I wouldn't have thought this was possible with open(2) or fopen(3) - and I wouldn't think that an FTP server would use some other method of creating a file... I've never seen embedded NULs, but I've seen a pretty wide variety of other garbage in our anonymous ftp site's /incoming directory. We allow uploads with automatic e-mail notification when any new file is uploaded, but the ownership and permissions are set so that nobody can download without manual intervention by somebody here. My normal way of nuking these directories is a one-liner typed from the command line using gnu-find where $somefile is some file or directory in in the incoming directory that's older than the ones I want to nuke: gfind . -newer $somefile -maxdepth 1 -mindepth 1 -print0 | xargs -0 rm -rv Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``It's time to feed the hogs'' -- Unintended Consequences ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
