

Exploiting Wildcard Expansion on Linux - fcambus
https://dicesoft.net/projects/wildcard-code-execution-exploit.htm

======
feld
First of all, this isn't a Linux problem, it's a shell problem.

Secondly, this isn't any more of a security issue than blindly running a
forkbomb or shell script someone pastes online. This is Unix. This is how it
works. If you don't pay attention to what you're doing you will be burned in
creative ways.

(also, who on this planet runs ls * ?)

tl;dr this could be avoided by "scp -- *".

UNIX was not designed to stop you from doing stupid things, because that would
also stop you from doing clever things.

— Doug Gwyn

The idea that an arbitrary naive human should be able to properly use a given
tool without training or understanding is even more wrong for computing than
it is for other tools (e.g. automobiles, airplanes, guns, power saws).

— Doug Gwyn
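
The `--` fix mentioned in the comment above, run against a constructed scratch directory. This is an added example, not part of the original comment; the function names `make_demo_dir`, `dash_names` and `ls_lines` and the file names are assumptions made for illustration. It also covers the `./*` spelling, which goes beyond what the comment mentions.

```shell
#!/bin/sh
# Added example. The directory and file names below are constructed and harmless.

# Build a scratch directory holding one ordinary file and one file whose
# name looks like an option to ls.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/notes.txt"
    : > "$d/-l"
    printf '%s\n' "$d"
}

# Audit helper: print the names in directory $1 that begin with '-', i.e.
# the names a bare * would hand to a command as options.
dash_names() {
    (
        cd "$1" || exit 1
        for f in *; do
            [ -e "$f" ] || continue      # an unmatched glob stays literal
            case $f in
                -*) printf '%s\n' "$f" ;;
            esac
        done
    )
}

# Count the lines ls prints in directory $1 for three spellings of the glob.
# LC_ALL=C makes '-' sort before letters, so * expands to: -l notes.txt
ls_lines() {
    (
        cd "$1" || exit 1
        LC_ALL=C; export LC_ALL
        case $2 in
            bare)     ls * ;;        # "-l" is parsed as the long-format flag
            dashdash) ls -- * ;;     # "--" ends option parsing
            dotslash) ls ./* ;;      # every word starts with "./"
        esac | wc -l | tr -d ' '
    )
}

demo=$(make_demo_dir)
echo "names starting with '-': $(dash_names "$demo")"
for mode in bare dashdash dotslash; do
    echo "$mode: $(ls_lines "$demo" "$mode") line(s) of ls output"
done
rm -rf "$demo"
```

With the bare glob, `ls` lists only `notes.txt` (in long format) because `-l` was consumed as a flag; with `--` or `./*` both files are listed as operands.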

