> We could safely use "find *" to list files
recursively excluding
> dot-files in the current directory.
> (This may not always work correctly, but it is safe,
anyway.)
Not necessarily - consider a file named "-exec".
(Synthesizing the
rest of a useful command is likely to be tricky, but I'm by
no means
certain it can't be done.)
Doing pretty much anything with * in directories
potentially
constructed by malicious users is...risky. To put it
mildly.
> If the function is implemented as, "-exec
find-builtin-rm '{}' ';'",
> it should be much safer.
>
> % touch ./-exec find-builtin-rm '{}' ;
> % echo *
> -exec ; find-builtin-rm {}
BUT....
mkdir ,dir
touch ,dir/file ./-exec sh
cp ~/nasty-script very-evil-script
Now,
find * -exec find-builtin-rm '{}' ;
-> find ,dir -exec sh very-evil-script -exec
find-builtin-rm '{}' ;
-> oops!
This took me about five minutes to construct. What will the
attackers
come up with when they have person-years available to think
about
possibilities? Would *you* bet *your* system on the
result?
Especially when a trivial fix - "find ./* ..." -
is available?
Which is all to say, I see no point in worrying about what
"find * ..."
can do in a directory constructed by a putative attacker.
It's trivial
to avoid and extremely hard to fix completely.
/~ The ASCII der Mouse
/ Ribbon Campaign
X Against HTML mouse rodents.montreal.qc.ca
/ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3
27 4B
|
