[Fwd: Re: deleting directories with ??? in name]
Kevin D. Kinsey, DaleCo, S.P.
kdk at daleco.biz
Mon Mar 15 17:10:46 PST 2004
Walter wrote:
> I managed to delete the files by recreating the directory.
>
Ah, you have the hacker nature, then. That is
probably a Good Thing(TM) ... I was going to
suggest
$cp * ../otherdir/
$cd .. && rmdir thatdir
$mv otherdir thatdir
:-)
> Not to seem ungrateful, but isn't it a Bad Thing that it
> is not straightforeward to delete any file on the system
> (as root, and thwarted merely because of the characters in
> the name of the file/directory)? I'm not in a position to
> mangle lynx, but oughtn't it to be able to zap ANY file
> regardless of its name? (emacs is obtuse to me.) Is this
> worthy of a PR? Or are there other ways to kill a
> malconforming file? Why should an annonomous FTP user
> be able to create a directory tree that the root account
> of the machine can't traverse and delete normally? (Sigh.)
Last question first, because he has the
"cracker" nature? Nah, nevermind; it
was probably a bot....
As a point of discussion, when was the
last time you attempted to remove a file
dropped by a Windows virus, and were
told, "no way, Jose`" ... (?)
I'm guessing that there is more to it
than the "characters in the name of
the file/directory". Remember that
the characters we see are ultimately
a symbolic representation of another
type of data, and it is possible to construct
code that would deceive us, or our programs....
To attempt to answer the issue you describe,
on the surface we must assume that this is a
limitation of the interface, i.e. whatever shell you
are using, whatever shell/API/whatever
your application is using. Obviously if
it can be created, it can be deleted, under
the right circumstances. But your
removal tool must be at least as powerful
as the one that placed it there; and it's
quite possible that whatever did this is a
tad more powerful than tcsh or bash....
I'm sure if you wanted to write a better
shell, you'd be told to go right ahead :-)
Of more concern to me in this situation
would be .... if this anonymous FTP user
put this "weird" file on your system ... what
*else* did he put there? Are you sure he
wasn't able to traverse the chrooted
ftp homedir? If access was gained to the
filesystem at some lower level ... hmm....
I think you should definitely attempt
to analyze whether this machine has
been totally compromised...and quite
possibly treat it as such...of course,
I'm a little overcautious (read A**l) re:
security issues like this... ;-)
Maybe the security list; or, perhaps
better, another thread here to solicit
opinions on whether you have aught
to fear from this...but, maybe I'm just
plain wrong.
Kevin Kinsey
DaleCo, S.P.
More information about the freebsd-questions
mailing list