PerlMonks
Excuses like, "there are too many files in the directory to see all of them easily" don't hold up. Classic security exploits often involve race conditions:
(Where pgrep is a Perl-based 'grep' command such as this one that you might want because you like Perl regular expressions.)

So I don't think looking at what * will expand to before you use it makes that much sense. But mostly I still consider it a very poor tool that will leak file name contents into the execution stream. That is just such a bad idea that I think most people will find such very surprising and easy to forget.

I don't feel like I'm being dramatic in saying that this should be a CERT advisory. That something as simple as using "pgrep" as root on files whose names you don't control can run arbitrary code (as root) is a serious security risk that could easily result in security being breached somewhere.

It is easy to come up with many different ways this could end up breaching security. So far, I haven't come up with a really plausible way that I could use this to gain privileges somewhere. But the huge number of implausible ways that are so easy to come up with convince me that this is a real risk; that someone will figure out a plausible way to use this to "break in" somewhere. It is a larger security hole than many items that have been the subject of CERT advisories.

- tye

In reply to Re^2: Dangerous diamonds! (races)
by tye
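
An added example, not tye's code and not part of the original thread: a pgrep-style filter that avoids the problem the post describes by opening every file with three-argument open, so a file name is only ever a path and never reaches the two-argument "magic" open that Perl's `<>` uses. The usage line and the `scan` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): a pgrep-style filter that never
# lets a file name reach Perl's two-argument "magic" open.
# Hypothetical usage: pgrep-safe PATTERN [FILE ...]
use strict;
use warnings;

@ARGV or die "usage: $0 PATTERN [FILE ...]\n";
my $pattern = shift @ARGV;
my $re = eval { qr/$pattern/ } or die "bad pattern: $@";

my $status = 1;                      # grep convention: 1 = no match
if (!@ARGV) {
    # No files given: read STDIN explicitly instead of relying on <>.
    $status = 0 if scan(\*STDIN, undef);
}
for my $file (@ARGV) {
    # Three-argument open: the mode is fixed to '<', so a name that
    # starts or ends with shell-like characters is still a plain path.
    my $fh;
    unless (open $fh, '<', $file) {
        warn "$0: cannot open '$file': $!\n";
        $status = 2;
        next;
    }
    my $matched = scan($fh, @ARGV > 1 ? $file : undef);
    $status = 0 if $matched && $status != 2;
    close $fh;
}
exit $status;

# Print matching lines from a handle; returns true if any line matched.
sub scan {
    my ($fh, $label) = @_;
    my $hit = 0;
    while (my $line = <$fh>) {
        next unless $line =~ $re;
        $hit = 1;
        print defined $label ? "$label:$line" : $line;
    }
    return $hit;
}
```

On Perl 5.22 and later, the `<<>>` operator opens each `@ARGV` entry with three-argument open as well, which keeps the diamond idiom without the file-name interpretation.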