[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #17478] in `-ls` mode, filenames not escaped in error messages
|
From: |
Tavis Ormandy |
|
Subject: |
[bug #17478] in `-ls` mode, filenames not escaped in error messages |
|
Date: |
Sat, 19 Aug 2006 19:38:54 +0000 |
|
User-agent: |
Opera/9.00 (X11; Linux i686; U; en) |
URL:
<http://savannah.gnu.org/bugs/?17478>
Summary: in `-ls` mode, filenames not escaped in error
messages
Project: findutils
Submitted by: taviso
Submitted on: Saturday 08/19/2006 at 19:38
Category: find
Severity: 3 - Normal
Item Group: Wrong result
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Release: 4.2.28
Fixed Release: None
_______________________________________________________
Details:
The `UNUSUAL FILENAMES` section of the find man page indicates that the
actions `-ls`, `-fls`, etc. will safely sanitise filenames for display on a
terminal, however error messages are still unsaitised.
A malicious user who wanted to hide the location of a directory heirarchy
from an administrator could theoretically abuse this flaw to send the
terminal control characters to modify the output of find.
Reproduce:
$ mkdir test
$ for ((i=0;i<1024;i++)); do touch `printf "\a%d" $i`; done
$ rm * & find -ls
...
4056900 0 -rw-r--r-- 1 taviso users 0 Aug 19 21:36
./999\007\007
find: ./1000: No such file or directory
find: ./1001: No such file or directory
find: ./1002: No such file or directory
(ie, the error messages contain \a)
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?17478>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #17478] in `-ls` mode, filenames not escaped in error messages,
Tavis Ormandy <=