Yeti

Reputation: 1160

Is there an alternative for the slash in a path?

I have an application which correctly escapes slashes ("/") in file names to avoid path traversal attacks.

The secret file has this path: /tmp/secret.txt

I want to access this file by uploading a file with a specially crafted file name (something like \/tmp\/secret.txt)

Is there any alternative syntax without the slashes which I can use so that Linux will read this file?

(I'm aware of URL encoding but as the escaping is done in the backend this has no use for me.)

Upvotes: 7

Views: 9336

Answers (1)

Kusalananda

Reputation: 15613

No. The / is not allowed in a filename, no matter if it's escaped as \/ or not.

It is one out of only two characters that are not allowed in filenames, the other being \0.

This means that you obviously could use _tmp_secret.txt or -tmp-secret.txt, or replace the / in the path with any other character that you wish, to create a filename with a path "encoded into it". But in doing so, you cannot encode pathnames that include the chosen delimiter character in one or several of their path components and expect to decode them into the original pathname.

This is, by the way, how OpenBSD's ports system encodes filenames for patches to software. In (for example) /usr/ports/shells/fish/patches we find files with names like

patch-share_tools_create_manpage_completions_py

which comes from the pathname of a particular file in the fish shell source distribution (probably share/tools/create_manpage_completions.py). These pathnames are however never parsed, and the encoding is only there to create unique and somewhat intelligible filenames for the patches themselves. The real paths are included in the patch files.

Upvotes: 5
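The two points in the answer above, as an added example that is not part of the original answer and not OpenBSD's ports tooling: on Linux a `/` (escaped with a backslash or not) and a NUL byte never end up inside a file name, and a path flattened with a delimiter cannot be decoded unambiguously. The function names and sample file names are constructed for illustration.

```python
import itertools
import os
import tempfile


def encode_path(path, delim="_"):
    """Flatten a pathname into one filename by replacing '/' with delim."""
    return path.replace("/", delim)


def candidate_decodings(encoded, delim="_"):
    """All pathnames that encode to `encoded`: each delim was a '/' or a literal delim."""
    parts = encoded.split(delim)
    results = []
    for seps in itertools.product(("/", delim), repeat=len(parts) - 1):
        results.append(parts[0] + "".join(s + p for s, p in zip(seps, parts[1:])))
    return results


def try_create(directory, name):
    """Try to create `name` directly inside `directory`; report what the OS did."""
    path = directory + "/" + name
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except ValueError:           # Python refuses an embedded NUL before the syscall
        return "rejected: NUL byte"
    except FileNotFoundError:    # '/' split the name; the parent directory is missing
        return "rejected: '/' is a separator"
    os.close(fd)
    return "created: " + repr(os.listdir(directory))


def demo():
    # Constructed names: backslash-"escaped" slashes, a NUL byte, a flattened path.
    names = ("\\/tmp\\/secret.txt", "tmp\0secret", "_tmp_secret.txt")
    with tempfile.TemporaryDirectory() as d:
        return [try_create(d, n) for n in names]


if __name__ == "__main__":
    for line in demo():
        print(line)
    print(candidate_decodings(encode_path("/tmp/secret.txt")))
```

In the first case the backslash is an ordinary character, so the kernel looks for a directory literally named `\` and the create fails; the last line prints four different pathnames that all flatten to `_tmp_secret.txt`.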
