Re: Bizzare bug in find, potential security implications

bug-findutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bizzare bug in find, potential security implications

From:	Piotr Gackiewicz
Subject:	Re: Bizzare bug in find, potential security implications
Date:	Mon, 18 Dec 2017 16:11:52 +0100

I have missed info on versions.

I have tested in on:
find 4.7.0-git, libc6-2.23-0ubuntu9  (Ubuntu 16.04, x86_64)
find 4.4.2, glibc-2.12-1.209.el6_9.2.x86_64 (CentOS 6, x86_64)

Same results.

Regards,

2017-12-18 16:06 GMT+01:00 Piotr Gackiewicz <address@hidden>:

>
> Hello,
>
> I have spotted bizarre bug in gnu find.
> In some circumstances, find result on '-regex' search is very dependendant
> on locale settings.
>
> I have attached a zip file, with example file tree. There are two
> directories in it, one's name encoded with 'utf-8'  and other -  in
> iso-8859-2.
>
> Now we run find, trying to find files matching regex '.*\.exe'
>
> $ LANG=pl_PL.iso-8859-2 find htdocs -type f -regex '.*\.exe$' -ls
>  12845718     12 -rw-rw-r--   1 gacek    gacek           2 Dec 18 15:00
> htdocs/Zielona\ G\363ra/hidden_malware.exe
>  12845721     12 -rw-rw-r--   1 gacek    gacek           2 Dec 18 15:00
> htdocs/Zielona\ G\303\263ra/malware.exe
>
> Never mind the output encoding, it's expected. We have luckily found two
> .exe files.
>
> But now, let's try to change locale to something more modern:
> $ LANG=pl_PL.utf-8 find htdocs -type f -regex '.*\.exe$' -ls
>  12845721     12 -rw-rw-r--   1 gacek    gacek           2 gru 18 15:00
> htdocs/Zielona\ G\303\263ra/malware.exe
>
> We have found only one of these files. One with iso-encoded filename is
> hidden!
> If one relies on -regex to search for suspicious files (apparently no
> matter, which -regextype) , some of them could be missed and still lurking
> in the filesystem.
> Find is one of basic and best system tools to be used in such scenario.
>
> BTW, there is no such problem with '-name' matching:
> $ LANG=pl_PL.utf-8 find htdocs -type f -name '*.exe' -ls
>  12845718     12 -rw-rw-r--   1 gacek    gacek           2 gru 18 15:00
> htdocs/Zielona\ G\363ra/hidden_malware.exe
>  12845721     12 -rw-rw-r--   1 gacek    gacek           2 gru 18 15:00
> htdocs/Zielona\ G\303\263ra/malware.exe
>
> Regards,
>
> --
> Piotr Gackiewicz
>



-- 
Piotr Gackiewicz

[Prev in Thread]

Current Thread

[Next in Thread]

Bizzare bug in find, potential security implications, Piotr Gackiewicz, 2017/12/18
- Re: Bizzare bug in find, potential security implications, Piotr Gackiewicz <=
- Re: Bizzare bug in find, potential security implications, Bernhard Voelker, 2017/12/19
  - Re: Bizzare bug in find, potential security implications, Eric Blake, 2017/12/19
    - Message not available
    - Message not available
    - Fwd: Bizzare bug in find, potential security implications, Piotr Gackiewicz, 2017/12/20
    - Re: Bizzare bug in find, potential security implications, Dale R. Worley, 2017/12/21
    - Re: Bizzare bug in find, potential security implications, Bernhard Voelker, 2017/12/21
    - Re: Bizzare bug in find, potential security implications, Dale R. Worley, 2017/12/22
    - Re: Bizzare bug in find, potential security implications, Piotr Gackiewicz, 2017/12/22

Prev by Date: Bizzare bug in find, potential security implications
Next by Date: Re: Bizzare bug in find, potential security implications
Previous by thread: Bizzare bug in find, potential security implications
Next by thread: Re: Bizzare bug in find, potential security implications
Index(es):
- Date
- Thread