Beware xargs security holes
David E A Wilson
david at cs.uow.edu.au
Fri Oct 26 22:38:01 AEST 1990
At least with SunOS 4.1 the manual page describes exactly what characters
will cause problems.

     Arguments read in from the standard input are defined to be
     contiguous strings of characters delimited by white space.
     Empty lines are always discarded. Blanks and tabs may be
     embedded as part of an argument if they are escaped or
     quoted. Characters enclosed in quotes (single or double)
     are taken literally, and the delimiting quotes are removed.
     Outside of quoted strings, a `\' (backslash) will escape the
     character it precedes.

Newlines cannot be part of an argument and spaces & quotes would cause so many
problems that you would have to precede each character with a \ to be sure.
--
David Wilson Dept Comp Sci, Uni of Wollongong david at cs.uow.edu.au
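
Added example, not part of the original post: a sketch of the "precede each character with a \" approach applied to the parsing rules quoted from the manual page. The function names and file names are constructed for illustration, and an xargs that follows the quoted rules is assumed.

```shell
#!/bin/sh
# Constructed sample names: embedded blanks, a single quote, and one
# name that turns into a second, unintended path once split on white space.
sample_names() {
    printf '%s\n' 'report 1990.txt' "it's.log" 'tmp /etc/passwd'
}

# Put a backslash in front of every character on each input line, so
# blanks, tabs, quotes and backslashes all reach xargs already escaped.
# Input is line-based: a name containing a newline still cannot be passed
# as one argument and has to be rejected before this step.
escape_for_xargs() {
    sed 's/./\\&/g'
}

# Show exactly what the command started by xargs receives:
# one bracketed line per argument.
list_args() {
    xargs sh -c 'for a in "$@"; do printf "[%s]\n" "$a"; done' sh
}

# Unescaped: one name arrives as two arguments, the second being /etc/passwd.
echo 'unescaped:'
printf '%s\n' 'tmp /etc/passwd' | list_args

# Escaped: every input line arrives as exactly one argument, unchanged.
echo 'escaped:'
sample_names | escape_for_xargs | list_args
```
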