not a bash dev,
I'm an exploit dev. Maybe an asshole too.
On Fri, Nov 19, 2021 at 9:05 AM Kerin Millar wrote:
> (Copying the list back in ...)
>
> On Fri, 19 Nov 2021 07:19:29 -0500
> Marshall Whittaker wrote:
>
> > Though I do disagree with you, this is the only mes
what happens.
A short whitepaper on it has been made public at:
https://oxagast.org/posts/bash-wildcard-expansion-arbitrary-command-line-arguments-0day/
complete with a mini PoC.
On Wed, Nov 17, 2021 at 9:04 AM Chet Ramey wrote:
> On 11/17/21 4:16 AM, Marshall Whittaker wrote:
>
> &g
Software: bash
Version: 5.0.17(1)-release
--- SNIP ---
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch a && mkdir b
[marshall@jerkon]{04:09 AM}: [~/bashful] $ ls -l
total 4
-rw-rw-r-- 1 marshall marshall0 Nov 17 04:09 a
drwxrwxr-x
and it did rm * on some
folder, by expansion, you could expand it to -riv or whatever you
wanted and redirect program flow from there.
Thanks,
Marshall Whittaker / oxagast
