* Posts by Stephen Samuel

4 posts • joined 29 Jun 2007

Oh SNAP! Old-school '80s Unix hack to smack OSX, iOS, Red Hat?

Stephen Samuel

Re: dot and slash

The problem with that would be crafting an option that is valid with those characters in the string. (and, no \000 is not an option it is illegal (and mostly impossible) in a filename, since it terminates strings in Unix calls..

Stephen Samuel

Re: dot and slash

No. You don't need to be root to create any of these traps.

The problem is that you need to trick a root user (or otherwise privileged command) to execute a wild-care command with the booby-trapped directory as the current directory .. and using a relative wild-card with no path elements.

Among other things, this attack requires that you are operating in a directory that is write-others (or, at least, writable by a hostile group), and that the target user use that other-writable directory as current directory when starting up the wild card affected command .. .. AND that the target user use a completely relative wildcard.

The simple way to avoid getting stuck with this problem is to do any command operating with '*' prefixed wild-cards is to use ./*blah. instead of *blah

The other approach (that doesn't require re-engineering the system would be to change these affected commands so that -- once you start interpreting arguments as filenames, you don't go back to interpreting command arguments.

I was, in fact, under the impression that no backtracking to argument mode was how most commands interpreted their arguments. Even so, I stil tend to use defensive shell scripting, and use ./*... in instances where I may be using wildcards in a hostile environment.

Au-mazing! Cornwall sold GOLD to Ireland back in the Bronze Age

Stephen Samuel

Cornwall was better at mining?

Since they were already skilled at mining tin (and probably digging *everywhere* looking for it), going after gold to get even more goods out of the Irish was easier for them than it was for the Irish to find and exploit their own deposits.

It could have seemed useless fo the Cornwallis, but obviously valuable to the Irish

FTC sides against Net Neutrality

Stephen Samuel

US not the lowest density

Canada has a much lower population density than the US, so if the US is behind their northern neighbor in terms of broadband deployment, you can't blame it all on lack of density.


Biting the hand that feeds IT © 1998–2019