Date:      Tue, 26 Jul 2005 19:11:59 -0500
From:      Lane <lane@joeandlane.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: cat /dev/urandom
Message-ID:  <200507261912.00255.lane@joeandlane.com>
In-Reply-To: <d4b4435a0507261647325c336c@mail.gmail.com>
References:  <20050726183029.M97284@neptune.atopia.net> <200507261849.46220.lane@joeandlane.com> <d4b4435a0507261647325c336c@mail.gmail.com>

On Tuesday 26 July 2005 18:47, Michael Beattie wrote:
> On 7/26/05, Lane <lane@joeandlane.com> wrote:
> > On Tuesday 26 July 2005 18:18, Michael Beattie wrote:
> > > `cat /dev/urandom` will do just that... it's not also going to run
> > > code from within that output.
> > >
> > > On 7/26/05, Lane <lane@joeandlane.com> wrote:
> > > > On Tuesday 26 July 2005 17:35, Michael Beattie wrote:
> > > > > On 7/26/05, Matt Juszczak <matt@atopia.net> wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > Quick question.
> > > > > >
> > > > > > shell# cat /dev/urandom
> > > > > >
> > > > > > can that executed as root cause any harm to the system?  What if
> > > > > > a random sequence of `rm *` was generated... would it be
> > > > > > executed?
> > > > > >
> > > > > > I tried that to fix my terminal and forgot it might cause damage
> > > > > > as root, even if it's just being cat'd to the screen.  I thought I
> > > > > > saw some files fly by which would indicate an execution of
> > > > > > `ls`....
> > > > > >
> > > > > > Just curious....
> > > > >
> > > > > If you had a file with an rm * in it and you cat'd it would it
> > > > > execute?
> > > > > _______________________________________________
> > > >
> > > > That's a good answer, but what if the command was:
> > > >
> > > > `cat /dev/urandom`
> > > >
> > > > could /dev/urandom generate arbitrary and potentially executable
> > > > code?
> > > >
> > > > I'm curious, too
> > > >
> > > > lane
> > > > _______________________________________________
> >
> > Hmmm.... interesting.
> >
> > if I create a file, test, in the current directory like this:
> >
> > echo -n ls -al >test
> >
> > Then type `cat test`
> >
> > I get a directory listing.
> >
> > Assuming that /dev/urandom generates something like "ls -al" followed by
> > a newline, then it stands to reason that `cat /dev/urandom` will actually
> > execute the command "ls -al"
> >
> > Why is it that this does not hold true for `cat /dev/urandom` ?
> >
> > Still curious
>
> Huh.  Look at that.  I guess I was wrong.  I wonder why...
>
> Maybe the `` makes it "escape" from the shell and so it cats the file
> and then when it comes back to the shell it sees the ls -al and runs
> it.
Yeah, backticks are good for that.

It seems like /dev/urandom generates mostly ... random ... stuff.  But I
wonder if there are any safeguards to prevent such a combination from being 
generated.

After reading "man 4 random" and /usr/src/sys/dev/random/randomdev.c, it seems 
that the output of /dev/urandom is "truly random." 

So I guess the only thing that prevents such an occurrence is careful thought 
before you make such a call :)

lane
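
Added example, not part of the original message or thread: a sh script that separates the cases discussed above, using a constructed file whose content is a harmless `touch` command. The file, the marker path and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo file: the text of a harmless command (creates a marker file).
demo_dir=$(mktemp -d)            # assumes the temp path contains no whitespace
marker="$demo_dir/marker"
trap 'rm -rf "$demo_dir"' EXIT
printf 'touch %s' "$marker" > "$demo_dir/test"

# Report whether the command stored in the file was actually run.
result() { if [ -e "$marker" ]; then echo executed; else echo not-executed; fi; }

# 1. Plain cat: the bytes are copied to stdout; no shell ever parses them.
plain_cat() {
    rm -f "$marker"
    cat "$demo_dir/test" > /dev/null
    result
}

# 2. Backticks in command position: the shell waits for cat to exit,
#    word-splits the captured output and runs it as a command line.
substituted() {
    rm -f "$marker"
    `cat "$demo_dir/test"`
    result
}

# 3. Backticks in an assignment: the output is captured as data only.
assigned() {
    rm -f "$marker"
    out=`cat "$demo_dir/test"`
    result
}

echo "cat test        : $(plain_cat)"
echo "\`cat test\`      : $(substituted)"
echo "out=\`cat test\`  : $(assigned)"
```
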
