Beware xargs security holes
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Tue Oct 23 06:09:07 AEST 1990
In article <1990Oct21.223729.10521 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell) writes:
> Even if you eliminate part of the problem by using a '\0' delimiter
> to synchronize find and xargs, you can still get into trouble with a
> file named "-r" appearing at the front of an argument list that might
> also mention directories.
No, you can't. As long as find is invoked upon a fixed directory name
(like . or / or /tmp), every name it prints will start with that. So

  find / -name core -atime +7 -print0 | xargs -0 rm

will be safe. You can always use rm --, but there's no need to.
---Dan
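
An added example, not part of the original post: this script counts the arguments xargs receives from find when started on the fixed name `.`, with and without the NUL delimiter discussed above. The function names, the counter script and the file names are constructed for illustration, and it assumes a find with `-print0` and an xargs with `-0`.

```shell
#!/bin/sh
# Added example; file names below are constructed sample data.

# Inner script run by xargs: prints "<total args> <args starting with '-'>".
COUNTER='total=0; dash=0
for a in "$@"; do
    total=$((total + 1))
    case $a in -*) dash=$((dash + 1)) ;; esac
done
echo "$total $dash"'

# Create a throwaway directory holding awkward names; print its path.
make_scratch() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    : > "$d/core"
    : > "$d/-r"          # looks like an option, but find prints ./-r
    : > "$d/sub/-r"      # printed as ./sub/-r
    : > "$d/core
-r"                      # embedded newline followed by "-r"
    printf '%s\n' "$d"
}

# count_args DIR MODE: MODE "nul" uses -print0 | xargs -0, else -print | xargs.
count_args() {
    (
        cd "$1" || exit 1
        if [ "$2" = nul ]; then
            find . -type f -print0 | xargs -0 sh -c "$COUNTER" sh
        else
            find . -type f -print | xargs sh -c "$COUNTER" sh
        fi
    )
}

scratch=$(make_scratch) || exit 1
count_args "$scratch" nul       # 4 0: four files, none starts with "-"
count_args "$scratch" newline   # 5 1: the newline splits one name, yielding "-r"
rm -rf -- "$scratch"
```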