dude, again, --version is not bashs arg, cp and touch et la are not bash and what u do there is start a suid bash is that such a wonder ?
On Fri, Nov 19, 2021, 11:53 Marshall Whittaker <marshallwhitta...@gmail.com> wrote: > You could argue that bash should parse filenames globbed from * that start > with - and exclude them specifically, so I'll have to respectfully > disagree. Also, it is not the programs doing the parsing of *, that is a > function of bash. Try typing * in just your terminal/command line and see > what happens. > A short whitepaper on it has been made public at: > https://oxagast.org/posts/bash-wildcard-expansion-arbitrary-command-line-arguments-0day/ > complete with a mini PoC. > > On Wed, Nov 17, 2021 at 9:04 AM Chet Ramey <chet.ra...@case.edu> wrote: > >> On 11/17/21 4:16 AM, Marshall Whittaker wrote: >> >> > This shouldn't happen beacuse you can drop a file and then redirect >> > other code for example calling a script if you only have access to drop >> > a file. Say a cronjob was running every hour, and it did rm * on some >> > folder, by expansion, you could expand it to -riv or whatever you >> > wanted and redirect program flow from there. >> >> That's just bad scripting. >> >> -- >> ``The lyf so short, the craft so long to lerne.'' - Chaucer >> ``Ars longa, vita brevis'' - Hippocrates >> Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/ >> >
