comment on

How can you discern a valid filename from a malicious one in a generic way?

I probably couldn't.

I actually haven't seen an attack through malicious filenames in 20 years.
*knock on wood*

The olden days war story goes along the lines of files containing unix brand conforming line breaks followed by commands. Those were aimed at the habit of some superuser types using scripts with xargs(1) for file system tidyup tasks or such and ending up with unwanted command execution. I find I don't remember that very well.

Generally I'd prefer my file names to contain [\w.-] exclusively... the world out there please hear my wishful plea :-)

Cheers, Sören

(hooked on the Perl Programming language)

In reply to Re^5: Getting information about a remote file via SSH: how to escape the filename by Happy-the-monk
in thread Getting information about a remote file via SSH: how to escape the filename by jonadab

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


XP is just a number
	PerlMonks