Comment Re:Who ever asked for this "feature" (Score 1) 215
Hmm, good point, didn't think of messing around with filenames in a for loop.
* could still use
Hmm, good point, didn't think of messing around with filenames in a for loop.
* could still use
... is there an example you can point to?
I have no idea what the solution is, but I suspect that we need to do some fundamental rethinking of secure architectures and user interfaces. Architectures need to more safely isolate data and logical functionality, and interfaces need to more safely mediate users interaction with devices. I confidently assert that the current architectures simply can't be secured, no matter how much junk is kludged to the task. Prove me wrong, please.
On the other hand this specific issue could be easily solved by * prefixing all filenames with
So far I've not heard of anything that would break, and it's silly arguing that this specific problem is part of required functionality and not something that can/should be fixed when it appears to have such a simple solution.
The problem is that the * expansion is done by the shell, and the shell doesn't know the difference between file names and arguments.
But it could very easily make them explicit filenames by prefixing them with
This is because the linux commands do not respect what the manual says:
man rm...
rm [OPTION]... FILE...
but in realitiy it's rather:
rm [OTION|FILE]...
And what happens if the malicious filename is first in the list?
Since one is root, one can do anything anyway so why bother with all this misdirection?
Because you can trick a more privileged user into executing commands for you by writing files into your own folder. Most the examples given were of admin housekeeping tasks run against a user writeable folder.
If computers were conceived to execute user commands, then why is a command for matching file and dictionary names returning them in such a form that they become executable parameters, when they could easily be explicit filenames by adding
Is making what should be basic and safe housekeeping functions like chmod * and tar * dangerous really something you actually want in Linux?
Is a basic feature of how unix shells work, and there's no way to change it.
How about adding
The examples given are potential admin tasks doing filesystem maintenance on a user's folder.
Right, so an admin tarballing the content of a user's folder is an idiot because he didn't check to make sure the shell he was using wouldn't pass any of the file names as executable attributes instead of, you know, file names?
The one line summary for this story is bad things happen to people who use a command without knowing what the command does.
The definition of the unix wildcard when used in the shell is:
"The character * is a wildcard and matches zero or more character(s) in a file (or directory) name."
Note that the definition doesn't include anything about translate filenames into other kinds of executable parameters.
Probably because anybody who's used the various Bourne-style shells for a while
considers it a feature, not a bug. This is a case where the Principle of Least
Surprise comes up with different answers for novice users and for experts:
"What? A * can expand into an unintended command argument?" "Yeah, what *else*
would it do - the shell is just globbing, it doesn't know for sure what the
command will do with the parameter".
Who asked for this feature? Can anyone give me a legitimate use case for "tar cf archive.tar *" evaluating as
tar cf archive.tar admin.php ado.php --checkpoint=1 "--checkpoint-action=exec=sh shell.sh"
instead of
tar cf archive.tar "./admin.php" "./ado.php" "./--checkpoint=1" "./--checkpoint-action=exec=sh shell.sh"
That's not true, unless you're talking about building a large receiver right next to their transmitter and physically blocking the signal.
RFID? As long as your tags are no more than a few mm away from your phone sure that would work
Passive RFID works in very much the same way as what this Kickstarter describes. An RF pulse gives it just enough juice to do a miniscule amount of processing (looking up a stored number), then broadcast it back out to the world. Yes, capturing background RF would take some doing, but I don't know that I'd call it all that far outside the realm of plausibility.
The difference is distance; RFID only works with the reader very close to the tag (or with a large, directional antenna). Remember that RF strength decreases by the square of the distance (inverse-square law) and even just a few cm away from the reader RFID tags stop working. These iFind tags would be receiving even less energy than that, and if you can't power an RFID tag with that you're not going to be able to power an active Bluetooth device either.
Right so, instead of building stronger homes that don't collapse into a heap during strong winds, we'll create an absolutely gigantic wall to protect all the flimsy nailed together timber and drywall constructions within?
Yeah that makes perfect sense.
A penny saved is a penny to squander. -- Ambrose Bierce
