Hey,
While playing with Terminal I noticed a weird behavior which can turn into
a security vulnerability.
I'm not sure if it's actually a bug or a feature but I thought to report it
anyway.
Details:
Whenever we enter "*" as a command, the shell looks for the files in the current
directory and executes the
Rakesh Mane writes:
> In real life, if an attacker finds a command injection vulnerability in
> some system then he can use this flaw to bypass filters or WAFs by simply
> uploading a file having a command as filename (example: reboot) and then by
> sending "*" as command.
Sending arbitrary co
* expands to all the files in the current working directory, as can be
seen with:

    echo *

If you just run:

    *

then you will be running the first file of them.
*But* if you have a program that allows providing an arbitrary "*" as
the first command parameter, it would allow inserting the name of
On 2/5/16 5:47 PM, Yuri wrote:
> On 02/05/2016 11:13, Chet Ramey wrote:
>> AM_GNU_GETTEXT is the autoconf macro that adds the --disable-nls option
>> to configure. It handles checking for iconv by calling AM_ICONV. If
>> you disable it by calling configure with --disable-nls, it doesn't look
>> f
When you are doing a var expansion using the
replacement format ${VAR//./.}, is there some way to
put parens around some part of the expression and reference
them as in the [[V~re]] RE-matches?
Couldn't find anything in the manpage, but I could easily
have missed something...?
Thanks...