Post AttNdPMmlcq8KgyElc by Lee_Holmes@infosec.exchange
 (DIR) More posts by Lee_Holmes@infosec.exchange
 (DIR) Post #AttNdPMmlcq8KgyElc by Lee_Holmes@infosec.exchange
       2025-05-08T17:45:25Z
       
       0 likes, 0 repeats
       
       It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.
       
 (DIR) Post #AttNdPnj9SOHgFZklE by jernej__s@infosec.exchange
       2025-05-08T18:11:41Z
       
       1 likes, 0 repeats
       
       @Lee_Holmes It's not just bash, this affects any shell that does globbing, and there's no real way to prevent it. Programs that use getopt can use -- to signify end of parameters, but you're the one that has to remember to use it.
       
 (DIR) Post #AttNdT6Gsy0TudH6a8 by Lee_Holmes@infosec.exchange
       2025-05-08T17:57:28Z
       
       0 likes, 0 repeats
       
       I'm sure there's something here, but I don't have the patience to find it :)
       
 (DIR) Post #Atv13rmJqVVxLlTs24 by lanodan@queer.hacktivis.me
       2025-05-09T13:18:38.987732Z
       
       0 likes, 0 repeats
       
       @domi @Lee_Holmes And why I add POSIXLY_CORRECT=1 from time to time so glibc's getopt(3) stops parsing options at first non-option.