Hey,

While playing with Terminal I noticed a weird behavior which can turn into a security vulnerability. I'm not sure if it's actually a bug or a feature, but I thought I'd report it anyway.

Details: Whenever we enter "*" as a command, the shell looks for the files in the current directory and executes the filename as a shell command. For example:

    $ echo $BASH_VERSION
    4.3.42(1)-release
    $ touch id
    $ ls
    id
    $ *
    uid=10191(u0_a191) gid=10191(u0_a191) groups=1015(sdcard_rw),1028(sdcard_r),3003(inet),9997(everybody),50191(all_a191) context=u:r:untrusted_app:s0

In the above example I created a file named "id" in an empty directory and then entered "*" as a command. After that, the "id" command got executed. In real life, if an attacker finds a command injection vulnerability in some system, then he can use this flaw to bypass filters or WAFs by simply uploading a file having a command as its filename (example: reboot) and then sending "*" as the command.

Thanks
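Added example, not part of the original report: a POSIX shell sketch of the behavior described above. The shell performs pathname expansion before command lookup, so the first matching filename becomes the command word and the remaining names become its arguments; with globbing disabled (`set -f`) the `*` stays literal. The function name `glob_as_command` and the file names `echo` and `hello` are constructed for the demonstration.

```shell
# Constructed demo; everything happens in a throwaway directory.
# $1 = "glob" (default pathname expansion) or "noglob" (set -f).
glob_as_command() {
    dir=$(mktemp -d) || return 1
    rc=0
    (
        cd "$dir" || exit 1
        : > echo     # empty, non-executable file; only its NAME matters
        : > hello    # second file; its name becomes an argument
        # With set -f the shell no longer expands * into filenames.
        if [ "$1" = noglob ]; then set -f; fi
        # Expansion happens first: "*" becomes "echo hello". The command
        # word "echo" is then resolved as a builtin or through PATH; the
        # file ./echo itself is never executed.
        * 2>/dev/null
    ) || rc=$?
    rm -rf "$dir"
    return "$rc"
}

glob_as_command glob                               # prints: hello
glob_as_command noglob || echo "noglob exit status: $?"   # 127: no command named "*"
```

The file created in the directory only supplies a name; what runs is whatever that name already resolves to on the system, which is why an input filter that inspects only the submitted string never sees the command.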