MLUG: Mizzou Linux Users GroupHome | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact
MLUG: Re: [MLUG] backup via cron
Re: [MLUG] backup via cron
Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
On 2/4/06, Phillip Kelchen <EMAIL:PROTECTED> wrote:
> On Saturday 04 February 2006 19:35, Mike Miller wrote:
> > This must occasionally cause some serious problems.
>
> Do you think that this could be a situation where a filename with a ^M or
> other character could lead to arbitrary code execution or something on that
> order and be a potential vulnerability? Or is the bash/tcsh bug simply a
> benign one that would only cause a script/command with such a character in
> the filename to fail to execute when called?
>

There are certainly a lot of places where control characters are not
taken into account.  The commond "find | xargs" idiom, for example.  I
suppose with sufficient cleverness one could use this for evil.

Or good.  An old trick is to make a file called "-i" in important
directories.  Then rm * becomes rm -i *, which prevents you from
wiping everything accidentally.

Oh, and I'm glad you solved the problem, Dan.

Regards,
Mark
EMAIL:PROTECTED
--
You think that it is a secret, but it never has been one.
  - fortune cookie

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Questions? Comments? Feel free to contact MLUG.
DMCA and other copyright information.