> ls reading flags from filename which might lead to root backdoor as a
> concept, i.e. cat >-ls;id and the wait for root to ls * .

Actually, it's not ls reading from the filename, but the shell appending the filenames as parameters. Take for example:

    $ ls
    -la 123 312
    $ ls *
    -rw-r--r-- 1 someone users 0 Feb 15 07:24 123
    -rw-r--r-- 1 someone users 0 Feb 15 07:24 312
    $

The 'ls' command receives "ls -la 123 321" (as the shell expands the * wildcard with the names of the files in the current directory). So this has the same effect:

    $ id *
    id: invalid option -- l
    Try `id --help' for more information.
    $

Although this is a feature rather than a bug, that doesn't mean that it can't be useful. For example, say you have a search script that finds all new files in a certain directory by issuing the 'ls -la *' command. If the attacker were to create a directory called '-la', it would not be seen by the script.

- Wodahs
-------------------------------------
http://www.ministryofpeace.co.uk/
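The expansion described in the message above, as an added example that is not part of the original post: it rebuilds the directory from the transcript in a scratch location and compares the bare `ls *` with two forms a listing script can use so that a name beginning with '-' is still reported. The function names and the scratch directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; directory contents are constructed to match the post.
# Fix the collation order so the glob always expands to: -la 123 312
LC_ALL=C
export LC_ALL

# Create a scratch directory holding the three names from the transcript.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/123"
    : > "$d/312"
    : > "$d/-la"              # a file whose name looks like an option
    printf '%s\n' "$d"
}

# List directory $1 using form $2: unsafe | dashdash | dotslash
list_names() {
    (
        cd "$1" || exit 1
        case $2 in
            unsafe)   ls -1 *    ;;   # ls receives: -1 -la 123 312
            dashdash) ls -1 -- * ;;   # "--" ends option parsing
            dotslash) ls -1 ./*  ;;   # no argument can begin with '-'
        esac
    ) 2>/dev/null
}

# Succeeds only if the listing for form $2 reports the file named "-la".
reports_dash_file() {
    list_names "$1" "$2" | grep -q -E -e '(^|/)-la$'
}

demo=$(make_demo_dir)
for form in unsafe dashdash dotslash; do
    if reports_dash_file "$demo" "$form"; then r=listed; else r=MISSED; fi
    printf '%-9s file "-la" %s\n' "$form" "$r"
done
rm -rf -- "$demo"
```

A search script of the kind mentioned in the post would use the `--` or `./*` form so that every name in the directory is treated as an operand.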
This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 09:53:16 PST