1. 12
  1.  

  2. 3

    Thank you for sharing this. I was unaware of this category of attack. After having read the article, I’m surprised people write so much about SQL injections, XSS, etc. and never about this.

    1. 6

      Probably because in order to do these attacks you need a fair bit of privileges on the system already. And calling through directly to command line apps from something like a webpage is already considered bad practice.

      1. 2

        I was thinking of another scenario, where a misprogrammed web application would permit the attacker to save arbitrary filenames on the server, and some time later the admin of the server would run a command using wildcards, for example to delete a directory containing the attacker file, without knowing the “bad” file is there because it is “hidden” in a large mass of otherwise correct files.

        1. 1

          Yes, certainly possible, but a much less effective attack than, say, SQL injections.

          1. 1

            I agree.

    2. 3

      And this is why you should properly escape input, such as using getopt()’s double-hyphen ‘--’ (I know the markdown is going to change that into a long-hyphen) to signify the end of the options.

      1. 3

        …or prefix every file name wildcard on the shell with ./ - globbing will expand that -rf into ./-rf, de-fanging it. (:
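
As an added example (not code from any commenter here), the following POSIX shell script illustrates the scenario raised earlier in the thread (an attacker-chosen file name sitting among ordinary files that an admin later touches with a wildcard) and the two fixes in the last two comments: ending option parsing with ‘--’ and prefixing the glob with ‘./’. It builds a constructed scratch directory containing a benign empty file named ‘-n’ and uses cat, whose -n (number lines) option is chosen only because its effect is visible and harmless; the directory, file names and contents are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows why a glob-expanded file
# name beginning with '-' is parsed as an option, and the two fixes the
# comments describe: ending option parsing with '--' and prefixing './'.
set -eu

# Build a constructed scratch directory: a real file with content and an
# empty file whose name, '-n', looks like cat's "number lines" option.
demo_dir() {
  d=$(mktemp -d)
  printf 'hello\n' > "$d/a.txt"
  : > "$d/-n"
  printf '%s\n' "$d"
}

# Naive: the shell expands * to "-n a.txt"; cat sees -n as an option and
# numbers the line, so the output is not the file's plain content.
naive_cat() { ( cd "$1" && LC_ALL=C cat * ); }

# Fix 1: '--' tells getopt-style parsers that everything after it is an
# operand, so "-n" is opened as a file (it is empty) and a.txt is printed.
dashdash_cat() { ( cd "$1" && LC_ALL=C cat -- * ); }

# Fix 2: './*' expands to "./-n ./a.txt"; nothing starts with '-', so no
# flag is ever seen, even by commands whose parser does not honour '--'.
dotslash_cat() { ( cd "$1" && LC_ALL=C cat ./* ); }

# Stand-alone run: print the three results side by side, then clean up.
demo() {
  d=$(demo_dir)
  printf 'naive    : %s\n' "$(naive_cat "$d")"
  printf 'dashdash : %s\n' "$(dashdash_cat "$d")"
  printf 'dotslash : %s\n' "$(dotslash_cat "$d")"
  rm -rf "$d"
}
demo
```

The ‘./’ form is the more general defence: ‘--’ only works for commands that implement it, whereas a path that starts with ‘./’ can never be mistaken for an option by any parser. Note that LC_ALL=C is set only to make the glob order deterministic for the demo; the problem exists in any locale.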

      2. 1

        As sebcat mentioned on HN: “I’m not sure how to put it mildly, but I think you might have been scooped on this some 1-2 decades ago…”

        http://seclists.org/fulldisclosure/2014/Jun/136