i think that this is not something related with OBSD security but with the
correct use of the shell of course this is something that could happen
Date: Tue, 9 Sep 2014 21:21:30 -0700
Subject: Re: wildcard poisoning
From: pkesh...@gmail.com
To: stur...@hotmail.com
CC: misc@openbsd.org
On 9/9/14, Stefan Olsson stur...@hotmail.com wrote:
I came across an interesting article on wildcards in shell:
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
Tested some of the above in pdksh on a current OpenBSD-host:
$ mkdir test
$ cd test
$ touch file1 file2 file3 -rf
$ mkdir DIR1 DIR2
$ ls -al
total 16
-rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 -rf
drwxr-xr-x 4 sturban sturban 512 Sep 10 04:26 ./
drwxr-xr-x 10 sturban sturban 1024 Sep 10 04:25 ../
drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 DIR1/
drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 DIR2/
-rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file1
-rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file2
-rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 file3
$ rm *
$ ls -al
total 8
-rw-r--r-- 1 sturban sturban 0 Sep 10 04:26 -rf
drwxr-xr-x 2 sturban sturban 512 Sep 10 04:26 ./
drwxr-xr-x 10 sturban sturban 1024 Sep 10 04:25 ../
$ touch file1 file2 file3 -rf
$ mkdir DIR1 DIR2
$ ls -al
total 16
-rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 -rf
drwxr-xr-x 4 sidster wheel 512 Sep 9 21:19 ./
drwxrwxrwt 8 root wheel 1024 Sep 9 21:19 ../
drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR1/
drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR2/
-rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file1
-rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file2
-rw-r--r-- 1 sidster wheel 0 Sep 9 21:19 file3
$ rm ./*
rm: ./DIR1: is a directory
rm: ./DIR2: is a directory
noir $ ls -al
total 16
drwxr-xr-x 4 sidster wheel 512 Sep 9 21:20 ./
drwxrwxrwt 8 root wheel 1024 Sep 9 21:19 ../
drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR1/
drwxr-xr-x 2 sidster wheel 512 Sep 9 21:19 DIR2/
be smarter than that.
--patrick