OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Unix * weirdness

Re: Unix * weirdness

Subject: Re: Unix * weirdness
From: Blue Boar (BlueBoarTHIEVCO.COM)
Date: Sat Jan 01 2000 - 23:03:06 CST

> The problem here is that you've got the wrong model of the Unix universe.
> Quoting [any way: \, ", '] and wildcards are functions of the *SHELL* and
> all do their thing _before_ the called-program is run. By the time the
> called-program is run *all* of that stuff is gone and the program just
> gets plain-jane 'strings' as its arguments. The 'quotes' and such are
> **NOT** passed on... they're jsut directvies _to_hte_shell_ on how to
> massage the strings on the command line before passing them to the called
> program.

Yup. My light bulb finally lit with Warner's last message. I used to
know this at one point in time, I've written argv parsing code
before. Of course, I selectively forget in front of 3000+
subscribers. :)

The - is special to rm, not the shell. & | et all are special
to the shell, not rm. But the shell doesn't use them as part
of * expansion, so neither one cares.

> >
> > How about if there's a space in front?
>
> Doesn't matter. Again, you need to have the right model: when the shell
> expands wildcards, it "plugs in" the expansion strings
> *no*matter*what*they*are*, and drops the resuling string as an argument
> to the called program.

Right. I tried it, because I was still curious.. I
created /tmp/ -stay

Since - isn't the first character in that parameter, the - doesn't
help and rm eats is just fine. As others have noted /tmp/-stay
gets deleted fine for the same reason. I'm now convinced
there's no fun to be had with the rm -rf /tmp/* script.

                                        BB

This archive was generated by hypermail 2b27 : Sat Jan 01 2000 - 23:07:34 CST