
Exploiting Wildcards On Linux/Unix

An anonymous reader writes: DefenseCode researcher Leon Juranic found security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug. There are clearly a number of potential security issues surrounding this, so Mr. Juranic provided five actual exploitation examples that stress the risks accompanying the practice of using the * wildcard with Linux/Unix commands. The issue can be manifested by using specific options in chown, tar, rsync etc. By using specially crafted filenames, an attacker can inject arbitrary arguments to shell commands run by other users — root as well.
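The mechanism the summary describes, shown as an added shell demonstration that is not code from the article or from DefenseCode: a scratch directory is seeded with constructed filenames that look like GNU tar options, and a small stand-in for a GNU-style option parser reports how many of them a tool would take as options when the wildcard is expanded as "*", as "./*", and behind a "--" separator. Real tar is never invoked; the function names (setup_dir, options_seen, count_naive, count_dotslash, count_dashdash) are this example's own.

```shell
#!/bin/sh
# Added demonstration; not code from the article or from DefenseCode.
# Shows how shell wildcard expansion turns a crafted filename into an
# argument that a GNU-style option parser treats as an option, and two
# ways to prevent it. Everything happens in a temporary directory.

# Create a scratch directory containing one ordinary file and two files
# whose names look like GNU tar options. The names are constructed for
# this demo; with real GNU tar, 'tar cf backup.tar *' run in this
# directory would execute "sh shell.sh" at the first checkpoint.
setup_dir() {
    dir=$(mktemp -d) || return 1
    : > "$dir/report.txt"
    : > "$dir/--checkpoint=1"
    : > "$dir/--checkpoint-action=exec=sh shell.sh"
    printf '%s\n' "$dir"
}

# Stand-in for a tool that parses its command line the GNU way: every
# argument starting with '-' is an option until a bare '--' is seen.
# Prints the arguments it would treat as options, one per line, so the
# effect of each expansion style can be inspected without running tar.
options_seen() {
    opts_done=0
    for arg in "$@"; do
        [ "$opts_done" -eq 1 ] && continue
        if [ "$arg" = "--" ]; then
            opts_done=1
            continue
        fi
        case $arg in
            -*) printf '%s\n' "$arg" ;;
        esac
    done
}

# Number of option-looking arguments the tool receives when '*' is
# expanded naively in the given directory (2 for the directory above).
count_naive() {
    ( cd "$1" && options_seen * ) | wc -l | tr -d ' '
}

# Same, with a './' prefix: './--checkpoint=1' no longer starts with '-'.
count_dotslash() {
    ( cd "$1" && options_seen ./* ) | wc -l | tr -d ' '
}

# Same, with '--' before the glob so the parser stops looking for options.
count_dashdash() {
    ( cd "$1" && options_seen -- * ) | wc -l | tr -d ' '
}

demo=$(setup_dir)
printf 'option-looking args injected with "*":    %s\n' "$(count_naive "$demo")"
printf 'option-looking args injected with "./*":  %s\n' "$(count_dotslash "$demo")"
printf 'option-looking args injected with "-- *": %s\n' "$(count_dashdash "$demo")"
rm -rf "$demo"
```

Both fixes work with chown, tar, rsync and any other tool that follows the GNU convention, but "./*" is the more robust of the two: some tools accept options after "--" anyway or do not recognise the separator at all, while a path that begins with "./" can never be mistaken for an option.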

  • by Anonymous Coward on Friday June 27, 2014 @10:24AM (#47332493)

    So why would the expected method not be the default? This is exactly how security problems are born.

  • by jones_supa ( 887896 ) on Friday June 27, 2014 @11:00AM (#47332829)

    Systems where user data can accidentally get mixed in control commands are dangerous. In addition to this shell trick, another example would be HTML, where you have to be careful to not let raw HTML data through your guestbook messages so that visitors can't inject HTML into the messages.

    With competent and careful system administrators you can avoid problems, but it's still kind of a fragile design in my opinion.

  • by Anonymous Coward on Friday June 27, 2014 @11:06AM (#47332893)

    Wake up. Not everyone is a developer. Not everyone has even 2 minutes of unix philosophy.

    My users are scientists, and they get to trash their home space here. These types of issues are most likely to happen when they are writing a script and it makes files for what should have been options.

    My job isn't to teach them unix, it's to keep them happy and productive. They make mistakes, I clean them up and help them through the frustration of things going wrong.

  • by Anonymous Coward on Friday June 27, 2014 @11:14AM (#47332965)

    "the security risk is the developer that doesn't know what he's doing."

    Not the hacker who does know what he is doing.

  • by TheDarkMaster ( 1292526 ) on Friday June 27, 2014 @12:22PM (#47333713)

    Human beings use spaces in the names they give to things or to other human beings. So why would their computers have to behave differently?

  • Re:what about? by Anonymous Coward on Friday June 27, 2014 @12:27PM (#47333775)

    Depends on the version of Unix that you're using. There are a lot of non-GNU variants of rm that will happily resolve .. and traverse it. In effect it became an rm -rf /.
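The ".*" pitfall raised in the comment above, as an added shell example that is not part of the thread: whether ".*" expands to "." and ".." depends on the shell and its version, so the list of dot-files handed to rm, chown or tar is filtered explicitly instead of trusting the glob. The directory contents and the function names (make_demo_dir, raw_dotglob, safe_dotglob) are constructed for this example.

```shell
#!/bin/sh
# Added example; not part of the thread. Enumerates dot-files with a glob
# while guaranteeing that neither '.' nor '..' is ever passed on to the
# command that consumes the list. Whether '.*' matches '.' and '..' depends
# on the shell and its version, so the filter is explicit rather than left
# to the glob.

# Scratch directory with one hidden and one visible file (constructed).
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/.profile"
    : > "$d/notes.txt"
    printf '%s\n' "$d"
}

# Raw expansion of '.*' in the directory, one entry per line, so the reader
# can see what the shell in use actually produces (may include '.' and '..').
raw_dotglob() {
    ( cd "$1" && for f in .*; do printf '%s\n' "$f"; done )
}

# Filtered expansion: drops '.' and '..', and drops the literal pattern
# '.*' that a shell leaves behind when nothing matched. This is the list
# that is safe to hand to rm, chown, tar and friends.
safe_dotglob() {
    (
        cd "$1" || exit 1
        for f in .*; do
            case $f in
                .|..) continue ;;                 # never traverse upward
                '.*') [ -e "$f" ] || continue ;;  # unmatched pattern left literal
            esac
            printf '%s\n' "$f"
        done
    )
}

demo=$(make_demo_dir)
printf 'raw ".*" expansion in this shell:\n%s\n' "$(raw_dotglob "$demo")"
printf 'filtered list safe to pass on:\n%s\n' "$(safe_dotglob "$demo")"
rm -rf "$demo"
```

Run it under dash and under a recent bash and the raw list will differ ("." and ".." present in one, absent in the other), while the filtered list is the same in both; that difference is exactly why a script that does "rm -rf .*" behaves differently from one machine to the next.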
