|
Home > Archive > Unix Programming > January 2006 > Evil filename
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Fletcher Glenn 2006-01-13, 10:41 pm |
| While talking with an associate about spaces in Windows filenames, the
question was raised about spaces in UNIX filenames. This led to the
subject of "hard to remove" files which are usually accidentally
created. It was then that it occurred to me that the most evil file
name possible is: "-rf *". Any careless newbie would be in big trouble
trying to delete this file.
--
Fletcher Glenn
| |
| Victor Wagner 2006-01-13, 10:41 pm |
| Fletcher Glenn <fletcher@removethisfoglight.com> wrote:
> While talking with an associate about spaces in Windows
> filenames, the question was raised about spaces in UNIX
> filenames. This led to the subject of "hard to remove"
> files which are usually accidentally created. It was then
> that it occurred to me that the most evil file name possible
> is: "-rf *". Any careless newbie would be in big trouble
> trying to delete this file.
what about subdirectory "-rf " with file, starting with newline in it?
Or '-rf ${HOME}'
Few years ago there was vulnerablity discovered in Midnight commander,
that in attempt to enter directory with \3 symbol in its name, it
executed everything which was after \3 as shell command.
--
Journalism will kill you, but it will keep you alive while you're at it.
| |
| Bjorn Reese 2006-01-13, 10:41 pm |
| Fletcher Glenn wrote:
> While talking with an associate about spaces in Windows filenames, the
> question was raised about spaces in UNIX filenames. This led to the
> subject of "hard to remove" files which are usually accidentally
My major problem with spaces in file names is when I want to apply some
operation recursively to a file structure. Scripts or commands such as
'find' have to be written with extra care.
> created. It was then that it occurred to me that the most evil file
> name possible is: "-rf *". Any careless newbie would be in big trouble
> trying to delete this file.
Or "-rf $HOME"
--
mail1dotstofanetdotdk
| |
| Keith Thompson 2006-01-13, 10:41 pm |
| Fletcher Glenn <fletcher@removethisfoglight.com> writes:
> While talking with an associate about spaces in Windows filenames, the
> question was raised about spaces in UNIX filenames. This led to the
> subject of "hard to remove" files which are usually accidentally
> created. It was then that it occurred to me that the most evil file
> name possible is: "-rf *". Any careless newbie would be in big
> trouble trying to delete this file.
"-rf ." would be slightly worse.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
| |
| Måns Rullgård 2006-01-13, 10:41 pm |
| Keith Thompson <kst-u@mib.org> writes:
> Fletcher Glenn <fletcher@removethisfoglight.com> writes:
>
> "-rf ." would be slightly worse.
And '-rf .*' or '-rf ..' would be even worse.
--
Måns Rullgård
mru@inprovide.com
| |
| David Schwartz 2006-01-13, 10:41 pm |
|
"Måns Rullgård" <mru@inprovide.com> wrote in message
news:yw1xirsn3lgo.fsf@ford.inprovide.com...
> Keith Thompson <kst-u@mib.org> writes:
>
>
> And '-rf .*' or '-rf ..' would be even worse.
I think "-rf /" is the worst possible.
DS
| |
| Brian Raiter 2006-01-13, 10:41 pm |
| >>> "-rf ." would be slightly worse.
>
> I think "-rf /" is the worst possible.
Except that you can't have slashes in filenames.
b
| |
| Jordan Abel 2006-01-13, 10:41 pm |
| On 2006-01-13, Keith Thompson <kst-u@mib.org> wrote:
> Fletcher Glenn <fletcher@removethisfoglight.com> writes:
>
> "-rf ." would be slightly worse.
Many implementations forbid . or .. - or any path with one of those as
the final component, from being arguments to rm, and will not either
attempt to remove or recursively descend into them.
| |
| David Schwartz 2006-01-13, 10:41 pm |
|
"Brian Raiter" <blr@cascadia.drizzle.com> wrote in message
news:dq9617$r4f$1@cascadia.drizzle.com...
>
> Except that you can't have slashes in filenames.
>
> b
Oh, right!
DS
| |
| Keith Thompson 2006-01-13, 10:41 pm |
| "David Schwartz" <davids@webmaster.com> writes:
> "Måns Rullgård" <mru@inprovide.com> wrote in message
> news:yw1xirsn3lgo.fsf@ford.inprovide.com...
>
> I think "-rf /" is the worst possible.
Even if '/' were a legal filename character, that would be harmless
unless you have write permissions on the root directory.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
| |
| Rich Teer 2006-01-13, 10:41 pm |
| On Fri, 13 Jan 2006, Brian Raiter wrote:
>
> Except that you can't have slashes in filenames.
That notwithstanding, that is not an issue on Solaris 10:
root@orac301# rm -fr /
rm of / is not allowed
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich
| |
| Mark Rafn 2006-01-13, 10:41 pm |
| >> created. It was then that it occurred to me that the most evil file
Bjorn Reese <breese@see.signature> wrote:[vbcol=seagreen]
>Or "-rf $HOME"
or "; rm -rf /"
Then naive users trying to ls, mv, or whatnot to the file will have fun.
--
Mark Rafn dagon@dagon.net <http://www.dagon.net/>
| |
| Jordan Abel 2006-01-13, 10:41 pm |
| On 2006-01-13, Keith Thompson <kst-u@mib.org> wrote:
> "David Schwartz" <davids@webmaster.com> writes:
>
> Even if '/' were a legal filename character, that would be harmless
> unless you have write permissions on the root directory.
I believe it would still descend recursively everywhere and delete all
files in all directories where you _do_ have write permission
| |
| SM Ryan 2006-01-13, 10:41 pm |
| Fletcher Glenn <fletcher@removethisfoglight.com> wrote:
# While talking with an associate about spaces in Windows filenames, the
# question was raised about spaces in UNIX filenames. This led to the
# subject of "hard to remove" files which are usually accidentally
# created. It was then that it occurred to me that the most evil file
# name possible is: "-rf *". Any careless newbie would be in big trouble
# trying to delete this file.
/ tclsh
% open {-f *} w
file6
% exit
/ ls
-f *
/ rm ./-f\ \*
/ ls
--
SM Ryan http://www.rawbw.com/~wyrmwif/
Elvis was an artist. But that didn't stop him from joining the service
in time of war. That's why he is the king, and you're a shmuck.
| |
| Keith Thompson 2006-01-14, 2:49 am |
| Jordan Abel <random832@gmail.com> writes:
> On 2006-01-13, Keith Thompson <kst-u@mib.org> wrote:
>
> I believe it would still descend recursively everywhere and delete all
> files in all directories where you _do_ have write permission
I had assumed it would abort immediately, but I think you're right --
assuming that rm doesn't refuse to remove "/" in the first place. I
just did some quick experiments on a directory (not "/") on which I
don't have write permission, and it did remove what it could.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
| |
| Thomas Maier-Komor 2006-01-14, 7:48 am |
| Mark Rafn wrote:
>
> Bjorn Reese <breese@see.signature> wrote:
>
> or "; rm -rf /"
>
> Then naive users trying to ls, mv, or whatnot to the file will have fun.
> --
> Mark Rafn dagon@dagon.net <http://www.dagon.net/>
rm -rf / is not allowed by SUS and must be rejected by rm.
But 'rm -rf /*' would do.
Tom
| |
| Pascal Bourguignon 2006-01-14, 7:48 am |
| Rich Teer <rich.teer@rite-group.com> writes:
> On Fri, 13 Jan 2006, Brian Raiter wrote:
>
>
> That notwithstanding, that is not an issue on Solaris 10:
>
> root@orac301# rm -fr /
> rm of / is not allowed
With GNU fileutils it was still possible a few years ago.
But not anymore either.
--
__Pascal Bourguignon__ http://www.informatimago.com/
NOTE: The most fundamental particles in this product are held
together by a "gluing" force about which little is currently known
and whose adhesive power can therefore not be permanently
guaranteed.
| |
| Keith Thompson 2006-01-14, 8:49 pm |
| Thomas Maier-Komor <maierkom@lpr.e-technik.tu-muenchen.de> writes:
> Mark Rafn wrote:
>
>
> rm -rf / is not allowed by SUS and must be rejected by rm.
> But 'rm -rf /*' would do.
But, again, '/' is not a legal character in a file name.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
| |
| Michael Paoli 2006-01-17, 8:03 am |
| Fletcher Glenn wrote:
> name possible is: "-rf *". Any careless newbie would be in big trouble
> trying to delete this file.
"How you you remove a file named ..." ... yes, that name. One of many
typical questions I'll ask potential Unix Systems Administrator
candidates, ... amazing how many get that wrong, ... and often very
very wrong, ... especially considering it's also quite well covered in
the FAQ(s).
| |
| Michael Paoli 2006-01-17, 8:03 am |
| Brian Raiter wrote:
> Except that you can't have slashes in filenames.
Well, you can't normally have / as part of filename (as opposed to a
directory separator). In some cases, however, it can become part of a
filename - e.g. via certain types of file system corruption. With
file system debugging (and editing) tools, it could also probably be
intentionally introduced. When / is part of the filename itself,
things are quite problematic, as all the standard library stuff, etc.,
interprets / as a directory separator character - so dealing with a
file that actually contains / within it is very difficult.
Ah, let's see <insert evil grin> ...
$ ls
foo/bar
$ ls -aln
ls: foo/bar: No such file or directory
total 2
drwxr-xr-x 2 1003 100 1024 Jan 17 02:48 .
drwx------ 3 1003 100 168 Jan 17 03:02 ..
$ ls -d *
ls: foo/bar: No such file or directory
$ echo *
foo/bar
$ rm foo/bar
rm: cannot remove `foo/bar': No such file or directory
$ rm -rf foo
$ ls -d foo
ls: foo: No such file or directory
$ rm -rf *
$ ls
foo/bar
$ rm -i *
rm: cannot lstat `foo/bar': No such file or directory
$ unlink foo/bar
unlink: cannot unlink `foo/bar': No such file or directory
$ unlink foo
unlink: cannot unlink `foo': No such file or directory
$ ls
foo/bar
$ stat *
stat: cannot stat `foo/bar': No such file or directory
$
And fsck -n does detect and consider it a corruption:
Entry 'foo/bar' in / (2) has illegal characters in its name.
Fix? no
Oh, ... and how did I create that filesystem?
A minor tweak:
$ head --byte=136227 fs.bak >fs
$ echo -n / >> fs
$ tail --byte=+136229 fs.bak >>fs
Short of intentionally introducing such a problem, I've only once seen
that particular problem before. It involved a poor implementation of
a service that dealt with using some non-UNIX file systems on UNIX,
and, ... well, if that non-UNIX file system had files with / in them,
.... when it came to the UNIX side, ... "oops", ... it created
problems.
| |
| Jan Andres 2006-01-29, 9:31 pm |
| On 2006-01-13, Fletcher Glenn <fletcher@removethisfoglight.com> wrote:
> While talking with an associate about spaces in Windows filenames, the
> question was raised about spaces in UNIX filenames. This led to the
> subject of "hard to remove" files which are usually accidentally
> created. It was then that it occurred to me that the most evil file
> name possible is: "-rf *". Any careless newbie would be in big trouble
> trying to delete this file.
A quite interesting related concept was once told to me by a sysadmin
I talked to. He recommended that in directories with important files
you should create an empty file called "-i", so if anyone typed in
"rm *" or something similar by accident, the "-i" would usually be the
first parameter because of the sorting order, and "rm" would start
prompting the user about every file to be deleted.
Of course this will not work in all cases (e.g. "rm /foo/bar/*").
Regards
--
Jan Andres <jandres@gmx.net>
| |
| Keith Thompson 2006-01-29, 9:31 pm |
| Jan Andres <jandres@gmx.net> writes:
> On 2006-01-13, Fletcher Glenn <fletcher@removethisfoglight.com> wrote:
>
> A quite interesting related concept was once told to me by a sysadmin
> I talked to. He recommended that in directories with important files
> you should create an empty file called "-i", so if anyone typed in
> "rm *" or something similar by accident, the "-i" would usually be the
> first parameter because of the sorting order, and "rm" would start
> prompting the user about every file to be deleted.
Better yet, create a file called "-z" (which is not a valid option to rm).
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
| |
| Jan Andres 2006-01-29, 9:31 pm |
| On 2006-01-26, Keith Thompson <kst-u@mib.org> wrote:
> Jan Andres <jandres@gmx.net> writes:
>
> Better yet, create a file called "-z" (which is not a valid option to rm).
Then again, in a future version of Unix, "-z" might change to mean,
"zero out all blocks before unlinking"... :->
Regards
--
Jan Andres <jandres@gmx.net>
| |
| Eric Sosman 2006-01-29, 9:32 pm |
|
Jan Andres wrote On 01/25/06 17:55,:
> On 2006-01-13, Fletcher Glenn <fletcher@removethisfoglight.com> wrote:
>
>
>
> A quite interesting related concept was once told to me by a sysadmin
> I talked to. He recommended that in directories with important files
> you should create an empty file called "-i", so if anyone typed in
> "rm *" or something similar by accident, the "-i" would usually be the
> first parameter because of the sorting order, and "rm" would start
> prompting the user about every file to be deleted.
The very first horror story I read about on this
topic concerned a file named "-f". The user tried to
delete the file but was unsuccessful, and then turned to
a more experienced person who was also not able to get
rid of it. Eventually, the more experienced helper had
the bright idea of using an interactive "rm" and answering
"n" to all files except the intended victim. So with this
plan in mind they typed
rm -i *
Unfortunately, the system's "rm" was written in such a
way that "-f" overrode "-i" ...
--
Eric.Sosman@sun.com
| |
| Jordan Abel 2006-01-29, 9:32 pm |
| On 2006-01-27, Eric Sosman <eric.sosman@sun.com> wrote:
> Unfortunately, the system's "rm" was written in such a
> way that "-f" overrode "-i" ...
Unfortunately, that's the only way to let someone pass -f to an alias
rm="rm -i" to override the -i.
| |
| Jan Andres 2006-01-29, 9:32 pm |
| On 2006-01-27, Jordan Abel <random832@gmail.com> wrote:
> On 2006-01-27, Eric Sosman <eric.sosman@sun.com> wrote:
>
> Unfortunately, that's the only way to let someone pass -f to an alias
> rm="rm -i" to override the -i.
I've seen that alias (along with mv="mv -i" and cp="cp -i") defined by
default on many Linux distros, and I really consider this a Very Bad
Idea(tm). People will either get used to rm prompting every time it is
used and run into, ehm, trouble when they are in a session where it
doesn't; or they will start using -f every time they want a "non-inter-
active" rm, eliminating the cases where rm would go interactive by
default, e.g. when removing files that are not yours, or that are read-
only. It sucks when you have to wonder about how rm is defined every
time you want to use it.
Regards
--
Jan Andres <jandres@gmx.net>
| |
| Michael Wojcik 2006-01-31, 7:21 pm |
|
In article <slrndtl0aj.2qhf.random832@random.yi.org>, Jordan Abel <random832@gmail.com> writes:
> On 2006-01-27, Eric Sosman <eric.sosman@sun.com> wrote:
>
> Unfortunately, that's the only way to let someone pass -f to an alias
> rm="rm -i" to override the -i.
Obviously this depends on the shell (since that's what defines how
aliases work), but in bash and ksh it's trivial to override an
alias by quoting or escaping at least one character of the command
name. Thus:
$ mkdir foo; cd foo
$ touch foo
$ alias rm='rm -i'
$ rm *
rm: remove foo? n
$ \rm *
$
So it's not necessary that the implementation make -f supercede -i
in order to work around an alias of this sort (without removing the
alias, which is also trivial in the shells I've used, but obviously
more of an inconvenience).
I typically have rm aliased (to a shell function that moves files to
a temporary holding area, something I've been doing for years even
though I can't remember the last time I accidentally removed
something I wanted to keep), and when I want "real" rm I just quote
or escape it.
That said, I now think it'd be better to use my own file-deletion
script and not get in the habit of thinking rm is anything other
than /bin/rm. Alas, I cannot be bothered to make the change now.
--
Michael Wojcik michael.wojcik@microfocus.com
Bohemia is only a stage in a man's life, except in the case of fools and
a very few others. It is not a profession. -- Arthur Ransome
|
|
|
|
|