Lee Holmes :donor: on Nostr: It makes me super uncomfortable that globbing in Bash can turn into code execution. ...
It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.
Published at
2025-05-08 17:45:25 UTCEvent JSON
{
"id": "9cd0a283dcefe63e7462a761fad46b984763b73b19b4862fd25cf6ae9c73a1ec",
"pubkey": "7cc68551aa62a3b372c26016158d54c074dfc0c27727bf4a706d31d65b70de0f",
"created_at": 1746726325,
"kind": 1,
"tags": [
[
"imeta",
"url https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/473/365/560/779/121/original/e99ebbf9bf333d0f.png",
"m image/png"
],
[
"proxy",
"https://infosec.exchange/@Lee_Holmes/114473456490599222",
"web"
],
[
"proxy",
"https://infosec.exchange/users/Lee_Holmes/statuses/114473456490599222",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/Lee_Holmes/statuses/114473456490599222",
"pink.momostr"
],
[
"-"
]
],
"content": "It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/114/473/365/560/779/121/original/e99ebbf9bf333d0f.png\n",
"sig": "7f16a880c30e6b1a1d98cac1bfaeae1f1c53cb384f6d2c94e8f4bc3ddd3c0b49f9964422eab2003f84671b928064d1b969042c2c242663b818c1071a3819a6a7"
}
