Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re^5: Getting information about a remote file via SSH: how to escape the filename

by Happy-the-monk (Monsignor)
on Jun 27, 2013 at 16:44 UTC ( #1041049=note: print w/ replies, xml ) Need Help??


in reply to Re^4: Getting information about a remote file via SSH: how to escape the filename
in thread Getting information about a remote file via SSH: how to escape the filename

How can you discern a valid filename from a malicious one in a generic way?

I probably couldn't.

I actually haven't seen an attack through malicious filenames in 20 years.
*knock on wood*

The olden days war story goes along the lines of files containing unix brand conforming line breaks followed by commands. Those were aimed at the habit of some superuser types using scripts with xargs(1) for file system tidyup tasks or such and ending up with unwanted command execution. I find I don't remember that very well.

Generally I'd prefer my file names to contain [\w.-] exclusively... the world out there please hear my wishful plea :-)

Cheers, Sören

(hooked on the Perl Programming language)


Comment on Re^5: Getting information about a remote file via SSH: how to escape the filename

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1041049]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (7)
As of 2014-07-31 08:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (246 votes), past polls