Re: dot and slash
The problem with that would be crafting an option that is valid with those characters in the string. (And no, \000 is not an option; it is illegal (and mostly impossible) in a filename, since it terminates strings in Unix calls.)
4 posts • joined 29 Jun 2007
No. You don't need to be root to create any of these traps.
The problem is that you need to trick a root user (or otherwise privileged command) into executing a wild-card command with the booby-trapped directory as the current directory ... and using a relative wild-card with no path elements.
Among other things, this attack requires that you are operating in a directory that is write-others (or, at least, writable by a hostile group), and that the target user use that other-writable directory as current directory when starting up the wild-card-affected command ... AND that the target user use a completely relative wildcard.
The simple way to avoid getting stuck with this problem, when running any command operating with '*'-prefixed wild-cards, is to use ./*blah instead of *blah.
The other approach (that doesn't require re-engineering the system) would be to change these affected commands so that, once you start interpreting arguments as filenames, you don't go back to interpreting command arguments.
I was, in fact, under the impression that no backtracking to argument mode was how most commands interpreted their arguments. Even so, I still tend to use defensive shell scripting, and use ./*... in instances where I may be using wildcards in a hostile environment.
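The `./*` habit described in the comment above, shown as an added example that is not part of the original post: it compares what a command receives from a bare `*` and from `./*` in a directory holding option-like names. The function names and the file names (`-l`, `--verbose`, `notes.txt`) are constructed for illustration.

```shell
# Added example. All file names below are constructed and harmless.

# Count the words in "$@" that a command would parse as options.
count_optionlike() {
    n=0
    for arg in "$@"; do
        case $arg in
            -*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Build a scratch directory with two option-like names and one normal file.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/-l"
    : > "$d/--verbose"
    : > "$d/notes.txt"
    echo "$d"
}

# Expansion of a bare relative wildcard, as the command would see it.
bare_glob_count() {
    ( cd "$1" && count_optionlike * )
}

# Expansion of the ./-anchored wildcard: every word starts with "./".
anchored_glob_count() {
    ( cd "$1" && count_optionlike ./* )
}

# Audit helper: list entries in a directory whose names start with '-'.
list_optionlike_names() {
    for f in "$1"/-*; do
        [ -e "$f" ] && printf '%s\n' "${f##*/}"
    done
    return 0
}

demo=$(make_demo_dir)
echo "bare *  : $(bare_glob_count "$demo") option-like argument(s)"
echo "./*     : $(anchored_glob_count "$demo") option-like argument(s)"
echo "flagged :" $(list_optionlike_names "$demo")
rm -rf -- "$demo"
```

The audit helper can be pointed at any group- or world-writable directory before running wildcard commands there.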
Since they were already skilled at mining tin (and probably digging *everywhere* looking for it), going after gold to get even more goods out of the Irish was easier for them than it was for the Irish to find and exploit their own deposits.
It could have seemed useless to the Cornwallis, but obviously valuable to the Irish.