Beware xargs security holes
Larry Wall
lwall at jpl-devvax.JPL.NASA.GOV
Wed Oct 10 04:37:17 AEST 1990
In article <63404 at iuvax.cs.indiana.edu> sahayman at iuvax.cs.indiana.edu (Steve Hayman) writes:
: >Yeah. xargs should have a -0 option for taking null-separated filenames
: >for its input. find should have a -print0 option for producing similar
: >output.
:
: So long as you have to modify "find" anyway to solve this problem, why
: not just add "-xargs" option to "find", that would be like the "-exec"
: option only using as many file names as possible at once.
:
: find .... -xargs rm {} \;
:
: Seems simpler than modifying two programs.
What makes you think xargs is the only program that would like to use -print0
output? Think toolbox, man! (That's how Randal would say it.)
find ... -print0 | perl -e '$/ = "\0"; while (<>) {chop; unlink;}'
That doesn't suffer any of the security holes of xargs.
Larry Wall
lwall at jpl-devvax.jpl.nasa.gov
More information about the Alt.sources.d
mailing list