Date: Mon, 15 Mar 2004 19:10:39 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: Walter <walterk1@earthlink.net>
Cc: Questions <freebsd-questions@freebsd.org>
Subject: Re: [Fwd: Re: deleting directories with ??? in name]
Message-ID: <4056540F.6080904@daleco.biz>
In-Reply-To: <40564E2C.7060706@earthlink.net>
References: <40564E2C.7060706@earthlink.net>

Walter wrote:

> I managed to delete the files by recreating the directory.
>

Ah, you have the hacker nature, then. That is probably
a Good Thing(TM) ... I was going to suggest

$ cp * ../otherdir/
$ cd .. && rmdir thatdir
$ mv otherdir thatdir

:-)

> Not to seem ungrateful, but isn't it a Bad Thing that it
> is not straightforward to delete any file on the system
> (as root, and thwarted merely because of the characters in
> the name of the file/directory)? I'm not in a position to
> mangle lynx, but oughtn't it to be able to zap ANY file
> regardless of its name? (emacs is obtuse to me.) Is this
> worthy of a PR? Or are there other ways to kill a
> malconforming file? Why should an anonymous FTP user
> be able to create a directory tree that the root account
> of the machine can't traverse and delete normally? (Sigh.)

Last question first, because he has the "cracker" nature?
Nah, never mind; it was probably a bot....

As a point of discussion, when was the last time you
attempted to remove a file dropped by a Windows virus,
and were told, "no way, Jose`" ... (?)

I'm guessing that there is more to it than the "characters in
the name of the file/directory". Remember that the
characters we see are ultimately a symbolic representation
of another type of data, and it is possible to construct code
that would deceive us, or our programs....

To attempt to answer the issue you describe, on the surface
we must assume that this is a limitation of the interface, i.e.
whatever shell you are using, whatever shell/API/whatever
your application is using. Obviously if it can be created,
it can be deleted, under the right circumstances. But
your removal tool must be at least as powerful as the one
that placed it there; and it's quite possible that whatever
did this is a tad more powerful than tcsh or bash....

I'm sure if you wanted to write a better shell, you'd be told
to go right ahead :-)

Of more concern to me in this situation would be ....
if this anonymous FTP user put this "weird" file on
your system ... what *else* did he put there? Are you
sure he wasn't able to traverse the chrooted ftp homedir?
If access was gained to the filesystem at some lower level ...
hmm....

I think you should definitely attempt to analyze whether this
machine has been totally compromised...and quite possibly
treat it as such...of course, I'm a little overcautious (read A**l)
re: security issues like this... ;-)

Maybe the security list; or, perhaps better, another thread here
to solicit opinions on whether you have aught to fear from
this...but, maybe I'm just plain wrong.

Kevin Kinsey
DaleCo, S.P.
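
An added example, not part of the message above or of the thread: one way to see the real bytes behind a name that displays as "???" and to remove the entry without typing that name, by letting find pass the raw bytes to rm. The function names and the sample directory name are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each function works on a directory
# passed as $1 (for instance an anonymous FTP upload area).

# List entries directly under $1 whose names contain bytes outside printable
# ASCII. "ls -b" prints those bytes as backslash escapes, so the real name
# behind the "???" is visible; -i adds the inode number in the first column.
list_odd_names() {
    LC_ALL=C find "$1" -mindepth 1 -maxdepth 1 \
        -name '*[![:print:]]*' -exec ls -dib {} +
}

# Print only the inode numbers of those entries, one per line.
odd_inodes() {
    list_odd_names "$1" | awk '{print $1}'
}

# Remove the entry under $1 whose inode number is $2. find hands the raw
# name bytes straight to rm, so nothing passes through a terminal or editor.
remove_by_inode() {
    find "$1" -mindepth 1 -maxdepth 1 -inum "$2" -exec rm -rf -- {} +
}

# Demo on a constructed directory (the bytes 0x04 and 0xff are made up).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/$(printf 'tag\004\377 x')/sub" "$d/normal"
    list_odd_names "$d"            # inode plus escaped name
    for ino in $(odd_inodes "$d"); do
        remove_by_inode "$d" "$ino"
    done
    ls -b "$d"                     # only "normal" is left
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Running list_odd_names over the whole upload area before deleting anything also gives a record of what was placed there, which is useful for the compromise assessment discussed in the message.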