[BlueOnyx:01205] Re: problem with Nuonce script installer
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Tue May 12 05:03:07 -05 2009
Tjerk Hacquebord wrote:
> "The handler code does
> /bin/rm -Rf $install_directory/*"
>
> What would happen if you have a space in the $install_directory?
> Wouldn't that execute
> /bin/rm -Rf /home/sites /mysite/
>
> In that case it would delete all of /home/sites
>
>
I've been talking to Ken off list, and he's pointed out the space
issue... I will be putting a regex in a new version to block spaces and a
few other characters.

I'd still love to know for my own sanity what the actual string is that
was submitted... coz there is some stuff that already happens before
getting to the rm command.

Let's say a user sent "aa bb" in a string... it gets translated to

rm -Rf /home/sites/sitename.com/web/aa bb/*

I know someone could be malicious - but it sounded like Ken had
accidentally deleted some stuff... that's the stuff I am after....

Regards,
Greg.
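
The word splitting discussed in this message, as an added example that is not part of the original post or of the Nuonce installer code. The function names, the constructed path and the allowlist policy in `valid_dir_name` are assumptions; the allowlist is stricter than the block-list regex mentioned above.

```shell
#!/bin/sh
# Added example. All paths are constructed; nothing is deleted unless
# safe_clean is called on a directory you pass in.

# Stand-in for /bin/rm: reports how many arguments the command would receive.
count_args() { echo "$#"; }

# Show word splitting on the "aa bb" case. Globbing is switched off (set -f)
# so only the splitting is visible and no real files are needed.
demo_split() {
    install_directory="/home/sites/sitename.com/web/aa bb"   # constructed
    set -f
    unquoted=$(count_args $install_directory/*)     # 2 args: ".../web/aa" and "bb/*"
    quoted=$(count_args "$install_directory"/*)     # 1 arg:  ".../web/aa bb/*"
    set +f
    echo "$unquoted $quoted"
}

# Assumed policy (allowlist): one path component made of letters, digits,
# dot, underscore or hyphen; empty, "." and ".." are refused.
valid_dir_name() {
    case "$1" in
        ''|.|..) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Empty <base>/<name> only after validation, with the variable quoted and
# "--" so a name can never be read as an option.
safe_clean() {
    sc_base=$1
    sc_name=$2
    valid_dir_name "$sc_name" || { echo "rejected: '$sc_name'" >&2; return 1; }
    [ -d "$sc_base/$sc_name" ] || return 1
    rm -Rf -- "$sc_base/$sc_name"/*
}

demo_split   # prints "2 1"
```

Validation and quoting are both needed: quoting stops the split, while the allowlist refuses names such as `..` that quoting alone would pass through.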