Forgot your password?
typodupeerror

+ - Exploiting Wildcards On Linux

Submitted by Anonymous Coward
An anonymous reader writes "DefenseCode researcher Leon Juranic found security issues related to using wildcards in Unix commands. The topic has been talked about in the past on the Full Disclosure mailing list, where some people saw this more as a feature than as a bug. There are clearly a number of potential security issues surrounding this, so Mr. Juranic provided five actual exploitation examples that stress out the risks accompanying practice of using the * wildcard with Linux/Unix commands. The issue can be manifested by using specific options in chown, tar, rsync etc. By using specially crafted filenames, an attacker can inject arbitrary arguments to shell commands run by other users — root as well."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Exploiting Wildcards On Linux

Comments Filter:

The key elements in human thinking are not numbers but labels of fuzzy sets. -- L. Zadeh

Working...