Re: deleting directories with ??? in name
in message <[EMAIL PROTECTED]>, wrote Walter thusly... > > It looks like another directory structure has appeared in the ftp > directory that Lynx does not "see" and that >find . -inum -delete > does not delete. It does have a dot as the first character, with > some other non-printing characters, but no "/". ... > Do you still want to look at it?? If so, as I'm not overly > conversant with tar ... Wow, i didn't expect that to happen so soon. Here is the tar command pipe... tar cf - \ | bzip2 -9 >> foul-name.tbz2 ...tar will send the output on stdout (-f -) of tarball (-c) of the parent directory of the offending directory name. Bzip2 will then compress the tar output (given on the stdout) to the fullest extent (-9) possible. Tar'ed & compressed output will then be stored in file named 'foul-named.tbz2'. If the size of foul-named.tbz2 is ~30 kB, send me this file as email attachment. Otherwise, please allow me to download it via FTP or HTTP. In all case, please keep the size less than a MB or so. - Parv -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
Hi Parv, It looks like another directory structure has appeared in the ftp directory that Lynx does not "see" and that find . -inum -delete does not delete. It does have a dot as the first character, with some other non-printing characters, but no "/". I haven't yet tried to delete it with emacs or Midnight Commander. Do you still want to look at it?? If so, as I'm not overly conversant with tar (or too much else that's *nix), please send me the 'tar' command you'd like me to archive the directory structure with, and I'll send the result. I'm not subscribed to the List, so please CC me. Thanks. Walter Parv wrote: in message <[EMAIL PROTECTED]>, wrote Walter thusly... I apologize for the late reply. Parv wrote: # find . \( -inum -o -inum \) -print0 \ # | xargs -0 rm -rfv Thanks, but when I did: ls -i and then typed in the inode in the command (saved in an old List e-mail): find . -inum -delete it didn't delete them. Do you think your way would work where manual command wouldn't? But, they are gone now, so I can't try it anyway. My _speculation_ is that if '-delete' option did not work from w/in find(1), i doubt that above quoted command chain would cause any difference. I suppose, you also guessed the same. OTOH, the description of -delete option does say... -delete ... It will not attempt to delete a filename with a ``/'' character in its pathname relative to ``.'' for security reasons. ...that is one thing to consider. It would have been fun to experiment w/ the offending directory structure. Next time it happens, send me a sample/small tar'd copy, will you? - Parv ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
in message <[EMAIL PROTECTED]>, wrote Walter thusly... > I apologize for the late reply. > Parv wrote: > > > # find . \( -inum -o -inum \) -print0 \ > > # | xargs -0 rm -rfv > > > > Thanks, but when I did: > ls -i > and then typed in the inode in the command (saved in an old List > e-mail): > find . -inum -delete > it didn't delete them. Do you think your way would work where > manual command wouldn't? But, they are gone now, so I can't try > it anyway. My _speculation_ is that if '-delete' option did not work from w/in find(1), i doubt that above quoted command chain would cause any difference. I suppose, you also guessed the same. OTOH, the description of -delete option does say... -delete ... It will not attempt to delete a filename with a ``/'' character in its pathname relative to ``.'' for security reasons. ...that is one thing to consider. It would have been fun to experiment w/ the offending directory structure. Next time it happens, send me a sample/small tar'd copy, will you? - Parv -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
Matthew Seaman wrote: On Mon, Mar 15, 2004 at 07:07:46PM -0800, Chris Pressey wrote: That wouldn't explain why 'rm -i *' returned 'no match', though. Just to eliminate the obvious: did these weird filenames begin with a '.'? Shell globbing treats file names with a leading period specially. You'ld have to do: % ls -d .* to get a listing of those files, and: % rm -ri .[^.]* to delete them. Note the extra effort taken to avoid matching the special names '.' and '..' -- doing a recursive delete of '..' is a real foot-shooting exercise. Cheers, Matthew I don't remember whether the files had leading dots or not. Sorry. But I'll keep this method in mind if it happens again. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
Parv wrote: in message <[EMAIL PROTECTED]>, wrote Parv thusly... # find . \( -inum -o -inum \) -print0 \ # | xargs -0 rm -fv Oh, don't forget the '-r', for recursion, option for rm(1) as i did. Use this instead... # find . \( -inum -o -inum \) -print0 \ # | xargs -0 rm -rfv - Parv Thanks, but when I did: ls -i and then typed in the inode in the command (saved in an old List e-mail): find . -inum -delete it didn't delete them. Do you think your way would work where manual command wouldn't? But, they are gone now, so I can't try it anyway. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
Chris Pressey wrote: Walter, out of curiousity, what FTP server were you running, and (if you remember) what was the exact output of ls -aB ? I'm running, at the moment, the default ftpd in FBSD 4.6.2. (Yeah, I know, it's way old.) I don't remember the exact output, but contained mostly odd characters, \216, \235, \237, and \377 with a few printable letters. I don't remember even if there were leading dots on the names. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
On Mon, Mar 15, 2004 at 07:07:46PM -0800, Chris Pressey wrote: > That wouldn't explain why 'rm -i *' returned 'no match', though. Just to eliminate the obvious: did these weird filenames begin with a '.'? Shell globbing treats file names with a leading period specially. You'ld have to do: % ls -d .* to get a listing of those files, and: % rm -ri .[^.]* to delete them. Note the extra effort taken to avoid matching the special names '.' and '..' -- doing a recursive delete of '..' is a real foot-shooting exercise. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: deleting directories with ??? in name
in message <[EMAIL PROTECTED]>, wrote Parv thusly... > > # find . \( -inum -o -inum \) -print0 \ > # | xargs -0 rm -fv Oh, don't forget the '-r', for recursion, option for rm(1) as i did. Use this instead... # find . \( -inum -o -inum \) -print0 \ # | xargs -0 rm -rfv - Parv -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
in message <[EMAIL PROTECTED]>, wrote Walter thusly... > > Erik Trulsson wrote: > > > ls(1) by default displays all unprintable characters as question > > marks. To see what the filenames actually are use 'ls -aB'. > > > > To delete files with strange names you can always do a 'rm -i *' > > and answer 'y' only for the weird files. > > 'rm -i *' returns "no match" > 'ls -aB' shows me the file names, but even after carefully typing > in what it shows me in an 'rm' command (name in quotes) says not > found. There are \216, \235, \237, and \377 characters in the > names Use the inodes, find(1) & xargs(1) instead to remove the files... - Use '-i' option of ls(1) to list the inodes of the offending files; note them. These are listed in the most left hand column. # ls -iaB1 - Find(1) the files matching above inodes (assuming evil files are in current directory & inode-1 & inode-2 are the inodes of two nasty files) ... # find . \( -inum -o -inum \) -print0 - Pass the find(1) output to rm(1) ... # find . \( -inum -o -inum \) -print0 \ # | xargs -0 rm -fv - Done ...Read up on ls(1), find(1) & xargs(1). - Parv -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
On Mon, Mar 15, 2004, Chris Pressey wrote: >On 15 Mar 2004 20:26:12 -0500 >Lowell Gilbert <[EMAIL PROTECTED]> wrote: > ... > >That wouldn't explain why 'rm -i *' returned 'no match', though. > >I think it's more likely that (for whatever reason) the FTP server is >allowing files to be created with extremely funky filenames - possibly >embedded NULs? I wouldn't have thought this was possible with open(2) >or fopen(3) - and I wouldn't think that an FTP server would use some >other method of creating a file... I've never seen embedded NULs, but I've seen a pretty wide variety of other garbage in our anonymous ftp site's /incoming directory. We allow uploads with automatic e-mail notification when any new file is uploaded, but the ownership and permissions are set so that nobody can download without manual intervention by somebody here. My normal way of nuking these directories is a one-liner typed from the command line using gnu-find where $somefile is some file or directory in in the incoming directory that's older than the ones I want to nuke: gfind . -newer $somefile -maxdepth 1 -mindepth 1 -print0 | xargs -0 rm -rv Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``It's time to feed the hogs'' -- Unintended Consequences ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
On 15 Mar 2004 20:26:12 -0500 Lowell Gilbert <[EMAIL PROTECTED]> wrote: > Walter <[EMAIL PROTECTED]> writes: > > > I managed to delete the files by recreating the directory. > > > > Not to seem ungrateful, but isn't it a Bad Thing that it > > is not straightforeward to delete any file on the system > > (as root, and thwarted merely because of the characters in > > the name of the file/directory)? I'm not in a position to > > mangle lynx, but oughtn't it to be able to zap ANY file > > regardless of its name? (emacs is obtuse to me.) Is this > > worthy of a PR? Or are there other ways to kill a > > malconforming file? Why should an annonomous FTP user > > be able to create a directory tree that the root account > > of the machine can't traverse and delete normally? (Sigh.) > > It sounds like you're just unfamiliar with shell quoting rules. That wouldn't explain why 'rm -i *' returned 'no match', though. I think it's more likely that (for whatever reason) the FTP server is allowing files to be created with extremely funky filenames - possibly embedded NULs? I wouldn't have thought this was possible with open(2) or fopen(3) - and I wouldn't think that an FTP server would use some other method of creating a file... Walter, out of curiousity, what FTP server were you running, and (if you remember) what was the exact output of ls -aB ? -Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
Walter <[EMAIL PROTECTED]> writes: > I managed to delete the files by recreating the directory. > > Not to seem ungrateful, but isn't it a Bad Thing that it > is not straightforeward to delete any file on the system > (as root, and thwarted merely because of the characters in > the name of the file/directory)? I'm not in a position to > mangle lynx, but oughtn't it to be able to zap ANY file > regardless of its name? (emacs is obtuse to me.) Is this > worthy of a PR? Or are there other ways to kill a > malconforming file? Why should an annonomous FTP user > be able to create a directory tree that the root account > of the machine can't traverse and delete normally? (Sigh.) It sounds like you're just unfamiliar with shell quoting rules. Maybe you'd find it easier with a different shell? [root uses csh by default, which I find much more arcane than sh] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Fwd: Re: deleting directories with ??? in name]
Walter wrote: I managed to delete the files by recreating the directory. Ah, you have the hacker nature, then. That is probably a Good Thing(TM) ... I was going to suggest $cp * ../otherdir/ $cd .. && rmdir thatdir $mv otherdir thatdir :-) Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) Last question first, because he has the "cracker" nature? Nah, nevermind; it was probably a bot As a point of discussion, when was the last time you attempted to remove a file dropped by a Windows virus, and were told, "no way, Jose`" ... (?) I'm guessing that there is more to it than the "characters in the name of the file/directory". Remember that the characters we see are ultimately a symbolic representation of another type of data, and it is possible to construct code that would deceive us, or our programs To attempt to answer the issue you describe, on the surface we must assume that this is a limitation of the interface, i.e. whatever shell you are using, whatever shell/API/whatever your application is using. Obviously if it can be created, it can be deleted, under the right circumstances. But your removal tool must be at least as powerful as the one that placed it there; and it's quite possible that whatever did this is a tad more powerful than tcsh or bash I'm sure if you wanted to write a better shell, you'd be told to go right ahead :-) Of more concern to me in this situation would be if this anonymous FTP user put this "weird" file on your system ... what *else* did he put there? Are you sure he wasn't able to traverse the chrooted ftp homedir? If access was gained to the filesystem at some lower level ... hmm I think you should definitely attempt to analyze whether this machine has been totally compromised...and quite possibly treat it as such...of course, I'm a little overcautious (read A**l) re: security issues like this... ;-) Maybe the security list; or, perhaps better, another thread here to solicit opinions on whether you have aught to fear from this...but, maybe I'm just plain wrong. Kevin Kinsey DaleCo, S.P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
[Fwd: Re: deleting directories with ??? in name]
I managed to delete the files by recreating the directory. Not to seem ungrateful, but isn't it a Bad Thing that it is not straightforeward to delete any file on the system (as root, and thwarted merely because of the characters in the name of the file/directory)? I'm not in a position to mangle lynx, but oughtn't it to be able to zap ANY file regardless of its name? (emacs is obtuse to me.) Is this worthy of a PR? Or are there other ways to kill a malconforming file? Why should an annonomous FTP user be able to create a directory tree that the root account of the machine can't traverse and delete normally? (Sigh.) Original Message ---- Subject: Re: deleting directories with ??? in name Erik Trulsson wrote: On Mon, Mar 15, 2004 at 03:51:37PM -0800, Derrick Ryalls wrote: I've tried lynx, but it did not display the files. I tried emacs, but I was only able to rename two of the directories to other names I could delete; the other two gave me an error of illegal character. I tried 'rm -i -- ?*' but it didn't find the files. I tried 'find . -inum 146 -delete' but while it gave no error message, the files/directories remain. Help! How do I delete these odd directories? Please CC me in your response as I'm not currently subscribed to the List. #mkdir dir?me #rmdir dir\?me That assumes that filenames actually contain questionmarks. ls(1) by default displays all unprintable characters as question marks. To see what the filenames actually are use 'ls -aB'. To delete files with strange names you can always do a 'rm -i *' and answer 'y' only for the weird files. 'rm -i *' returns "no match" 'ls -aB' shows me the file names, but even after carefully typing in what it shows me in an 'rm' command (name in quotes) says not found. There are \216, \235, \237, and \377 characters in the names, if this matters. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
Erik Trulsson wrote: On Mon, Mar 15, 2004 at 03:51:37PM -0800, Derrick Ryalls wrote: I've tried lynx, but it did not display the files. I tried emacs, but I was only able to rename two of the directories to other names I could delete; the other two gave me an error of illegal character. I tried 'rm -i -- ?*' but it didn't find the files. I tried 'find . -inum 146 -delete' but while it gave no error message, the files/directories remain. Help! How do I delete these odd directories? Please CC me in your response as I'm not currently subscribed to the List. #mkdir dir?me #rmdir dir\?me That assumes that filenames actually contain questionmarks. ls(1) by default displays all unprintable characters as question marks. To see what the filenames actually are use 'ls -aB'. To delete files with strange names you can always do a 'rm -i *' and answer 'y' only for the weird files. 'rm -i *' returns "no match" 'ls -aB' shows me the file names, but even after carefully typing in what it shows me in an 'rm' command (name in quotes) says not found. There are \216, \235, \237, and \377 characters in the names, if this matters. Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: deleting directories with ??? in name
On Mon, Mar 15, 2004 at 03:51:37PM -0800, Derrick Ryalls wrote: > > > > I've tried lynx, but it did not display the files. > > I tried emacs, but I was only able to rename two of the > > directories to other names I could delete; the other two gave > > me an error of illegal character. I tried 'rm -i -- ?*' but > > it didn't find the files. I tried 'find . -inum 146 -delete' > > but while it gave no error message, the files/directories remain. > > > > Help! How do I delete these odd directories? > > Please CC me in your response as I'm not currently > > subscribed to the List. > > > > #mkdir dir?me > #rmdir dir\?me That assumes that filenames actually contain questionmarks. ls(1) by default displays all unprintable characters as question marks. To see what the filenames actually are use 'ls -aB'. To delete files with strange names you can always do a 'rm -i *' and answer 'y' only for the weird files. -- Erik Trulsson [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: deleting directories with ??? in name
> > I've tried lynx, but it did not display the files. > I tried emacs, but I was only able to rename two of the > directories to other names I could delete; the other two gave > me an error of illegal character. I tried 'rm -i -- ?*' but > it didn't find the files. I tried 'find . -inum 146 -delete' > but while it gave no error message, the files/directories remain. > > Help! How do I delete these odd directories? > Please CC me in your response as I'm not currently > subscribed to the List. > #mkdir dir?me #rmdir dir\?me ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"