Globbing

Rahul Siddharthan rsidd120 at gmail.com
Fri Feb 15 07:55:32 PST 2008


"Simon 'corecode' Schubert" wrote:
>echo * | xargs rm, like find . -type f | xargs rm can be exploited,
>because xargs treats every whitespace as a separation character.

Like most Unix programs and shell commands.  Yet another reason to do
these things in Python.

When Oliver talked of security implications I thought of race attacks;
it didn't occur to me that the shell's command-line expansion is itself
a source of an attack (like creating a file called "-r") even though
I've been bitten by such things.

Another thing that has bitten me is trying to remove all my config
files/directories that begin with a ".", thusly
  rm -rf .*
Luckily I had backups.

This thread caused me to google a bit and I found IPython:
  http://ipython.scipy.org/
and I've just picked my jaw off the floor.  It has everything I'm
looking for -- full access to the Python interpreter AND full access
to the shell.  All the best features of shells like bash, the regular
Python interactive interpreter, and programs like Mathematica.  In
fact it has a "shell mode" that should, in principle, work as a
regular command shell.  Time to start exploring.

Rahul
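
The three pitfalls raised in this thread (xargs splitting names on whitespace, a file called "-r" being read as an option, and ".*" reaching "." and ".."), as an added shell example that is not part of the original message. The function names and the fixture file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: all names below are constructed, not from the thread.

# Build a scratch directory holding awkward but legal file names.
make_fixture() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/sub"
    # The "./" prefix and "--" keep touch from reading "-r" as an option.
    (cd "$dir" && touch -- ./-r "./a b" ./plain ./.conf ./..two ./sub/inner)
    printf '%s\n' "$dir"
}

# Number of names the shell itself produces for "*": one argument per
# name, however many spaces a name contains.
glob_name_count() {
    (cd "$1" && set -- * && echo "$#")
}

# Number of arguments xargs derives from `echo *`: it splits on
# whitespace, so "a b" turns into two words.
xargs_word_count() {
    (cd "$1" && echo * | xargs -n 1 printf '%s\n' | wc -l | tr -d ' ')
}

# Delete only the regular files directly inside "$1", hidden ones included.
safe_rm_files() {
    # "*" skips dotfiles; ".[!.]*" and "..?*" pick them up without ever
    # matching "." or "..", which a bare ".*" can match.
    for f in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        # Quoting keeps "a b" as one argument, -f skips directories and
        # patterns that matched nothing, and "--" ends option parsing so
        # a name starting with "-" can never act as a flag.
        if [ -f "$f" ]; then rm -- "$f"; fi
    done
}
```

With GNU or BSD find, `find DIR -type f -print0 | xargs -0 rm --` gives the same protection for recursive deletes by separating names with NUL bytes instead of whitespace.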