DragonFly kernel List (threaded) for 2008-02
DragonFly BSD

Re: Globbing


From: Rahul Siddharthan <rsidd120@xxxxxxxxx>
Date: 15 Feb 2008 15:55:32 GMT

"Simon 'corecode' Schubert" wrote:
>echo * | xargs rm, like find . -type f | xargs rm can be exploited,
>because xargs treats every whitespace as a separation character.

Like most unix programs and shell commands.  Yet another reason to do
these things in python.

When Oliver talked of security implications I thought of race attacks;
it didn't occur to me that the shell's command-line expansion is itself
a source of an attack (like creating a file called "-r") even though
I've been bitten by such things.

Another thing that has bitten me is trying to remove all my config
files/directories that begin with a ".", thusly
  rm -rf .*
Luckily I had backups.

This thread caused me to google a bit and I found ipython:
  http://ipython.scipy.org/
and I've just picked my jaw off the floor.  It has everything I'm
looking for -- full access to the python interpreter AND full access
to the shell.  All the best features of shells like bash, the regular
python interactive interpreter, and programs like Mathematica.  In
fact it has a "shell mode" that should, in principle, work as a
regular command shell.  Time to start exploring.

Rahul
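
Added example, not part of the original message or of any DragonFly code: a sandboxed shell sketch of the three pitfalls raised in this message (whitespace splitting by xargs, a file named "-r", and dot-file globs), each beside a hardened form. The sandbox layout, file names and function names are constructed for illustration; -print0 and xargs -0 are assumed to be available, as they are in GNU and BSD userlands.

```shell
#!/bin/sh
# Constructed sandbox; every file name here is made up for the demonstration.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/sub" "$sb/.conf" || return 1
    : > "$sb/important"            # must never be deleted by the *.tmp cleanup
    : > "$sb/sub/data"             # must never be deleted by a non-recursive rm
    : > "$sb/old important .tmp"   # name containing spaces, matches *.tmp
    : > "$sb/-r"                   # name that looks like an option
    : > "$sb/.rc"
    printf '%s\n' "$sb"
}

# Pattern from the quoted message: xargs splits on whitespace, so rm receives
# "./old", "important" and ".tmp" as three separate operands.
unsafe_xargs() { ( cd "$1" && find . -type f -name '*.tmp' | xargs rm 2>/dev/null ) || :; }

# NUL-delimited names plus "--" keep each name a single, non-option operand.
safe_xargs() { ( cd "$1" && find . -type f -name '*.tmp' -print0 | xargs -0 rm -f -- ); }

# Bare glob: the file "-r" reaches rm as the recursive flag (C locale sorts it first).
unsafe_glob() { ( cd "$1" && LC_ALL=C && rm * 2>/dev/null ) || :; }

# "--" ends option parsing, so "-r" is just a file name; sub/ is refused, not recursed.
safe_glob() { ( cd "$1" && rm -f -- * 2>/dev/null ) || :; }

# Dot-file patterns that cannot expand to "." or "..", unlike ".*".
list_dotfiles() {
    ( cd "$1" && for f in .[!.]* ..?*; do
          if [ -e "$f" ]; then printf '%s\n' "$f"; fi
      done )
}

# Demo run of the hardened forms only; what remains is .conf, .rc and sub.
demo=$(make_sandbox) && safe_xargs "$demo" && safe_glob "$demo" \
    && ls -A "$demo" && rm -rf -- "$demo"
```

Where -print0 is not available, find . -type f -name '*.tmp' -exec rm -f -- {} + gives the same guarantee without a pipe.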


