The problem is that the * expansion is done by the shell, and the shell doesn't know the difference between file names and arguments.
But it could very easily make them explicit filenames by prefixing them with
This is because the linux commands do not respect what the manual says:
man rm...
rm [OPTION]... FILE...
but in realitiy it's rather:
rm [OTION|FILE]...
And what happens if the malicious filename is first in the list?
Since one is root, one can do anything anyway so why bother with all this misdirection?
Because you can trick a more privileged user into executing commands for you by writing files into your own folder. Most the examples given were of admin housekeeping tasks run against a user writeable folder.
If computers were conceived to execute user commands, then why is a command for matching file and dictionary names returning them in such a form that they become executable parameters, when they could easily be explicit filenames by adding
Is making what should be basic and safe housekeeping functions like chmod * and tar * dangerous really something you actually want in Linux?
Is a basic feature of how unix shells work, and there's no way to change it.
How about adding
The examples given are potential admin tasks doing filesystem maintenance on a user's folder.
Right, so an admin tarballing the content of a user's folder is an idiot because he didn't check to make sure the shell he was using wouldn't pass any of the file names as executable attributes instead of, you know, file names?
The one line summary for this story is bad things happen to people who use a command without knowing what the command does.
The definition of the unix wildcard when used in the shell is:
"The character * is a wildcard and matches zero or more character(s) in a file (or directory) name."
Note that the definition doesn't include anything about translate filenames into other kinds of executable parameters.
Probably because anybody who's used the various Bourne-style shells for a while
considers it a feature, not a bug. This is a case where the Principle of Least
Surprise comes up with different answers for novice users and for experts:
"What? A * can expand into an unintended command argument?" "Yeah, what *else*
would it do - the shell is just globbing, it doesn't know for sure what the
command will do with the parameter".
Who asked for this feature? Can anyone give me a legitimate use case for "tar cf archive.tar *" evaluating as
tar cf archive.tar admin.php ado.php --checkpoint=1 "--checkpoint-action=exec=sh shell.sh"
instead of
tar cf archive.tar "./admin.php" "./ado.php" "./--checkpoint=1" "./--checkpoint-action=exec=sh shell.sh"
That's not true, unless you're talking about building a large receiver right next to their transmitter and physically blocking the signal.
RFID? As long as your tags are no more than a few mm away from your phone sure that would work
Passive RFID works in very much the same way as what this Kickstarter describes. An RF pulse gives it just enough juice to do a miniscule amount of processing (looking up a stored number), then broadcast it back out to the world. Yes, capturing background RF would take some doing, but I don't know that I'd call it all that far outside the realm of plausibility.
The difference is distance; RFID only works with the reader very close to the tag (or with a large, directional antenna). Remember that RF strength decreases by the square of the distance (inverse-square law) and even just a few cm away from the reader RFID tags stop working. These iFind tags would be receiving even less energy than that, and if you can't power an RFID tag with that you're not going to be able to power an active Bluetooth device either.
Right so, instead of building stronger homes that don't collapse into a heap during strong winds, we'll create an absolutely gigantic wall to protect all the flimsy nailed together timber and drywall constructions within?
Yeah that makes perfect sense.
You would rather the unemployed remain so, rather than get a job, however little the pay?
United States unemployment: 6.3% minimum wage: US$7.25 per hour
Australia unemployment: 5.8% minimum wage: US$16.88 per hour
China's downfall in production will come when the factory workers start having unions that are too powerful.
That's a bit of a leap, they don't even have unions!
...
If only the US didn't have unions, they could be in the same position as China; with a massive workforce of virtually slave labourers with no rights, huge polluting factories not bound by those damn profit sapping environmental laws etc.! What a wondrous future that would be! <tears>
And graphics programmers need both frame rate and pixels. 120Hz seems perfect, but once you try using 3D vision glasses, those LCD shutters bring back the flicker.
We're not using CRTs anymore, LCD panels don't flicker with the refresh rate so 24hz, 30hz, 60hz, 120hz will all be just as steady.
This file will self-destruct in five minutes.
