Beware xargs security holes
Jeff Beadles
jeff at onion.pdx.com
Tue Oct 23 15:34:23 AEST 1990
Well, under the 4.2 BSD based system I have here (Tektronix 4.1 UTek)
it appears that xargs IS quoting its arguments. Here's the test that I did,
that's fairly safe to run.
If xargs was not quoting its arguments, then all files starting with 'a'
would have been deleted.
Script started on Mon Oct 22 22:29:31 1990
jo:jeff> cd /usr/tmp
jo:tmp> ls -al
total 2
drwxrwxrwx 2 root 512 Oct 22 22:29 .
drwxr-xr-x 21 sys 512 Oct 19 23:18 ..
jo:tmp> touch 'a' 'a*' 'aa' 'aaa' 'aaaa'
jo:tmp> ls -al
total 2
drwxrwxrwx 2 root 512 Oct 22 22:29 .
drwxr-xr-x 21 sys 512 Oct 19 23:18 ..
-rw-r--r-- 1 jeff 0 Oct 22 22:29 a
-rw-r--r-- 1 jeff 0 Oct 22 22:29 a*
-rw-r--r-- 1 jeff 0 Oct 22 22:29 aa
-rw-r--r-- 1 jeff 0 Oct 22 22:29 aaa
-rw-r--r-- 1 jeff 0 Oct 22 22:29 aaaa
jo:tmp> find . -name 'a?' -print | xargs -t rm -f
rm -f ./a* ./aa
jo:tmp> ls -al
total 2
drwxrwxrwx 2 root 512 Oct 22 22:30 .
drwxr-xr-x 21 sys 512 Oct 19 23:18 ..
-rw-r--r-- 1 jeff 0 Oct 22 22:29 a
-rw-r--r-- 1 jeff 0 Oct 22 22:29 aaa
-rw-r--r-- 1 jeff 0 Oct 22 22:29 aaaa
jo:tmp> exit
script done on Mon Oct 22 22:30:30 1990
A sigh of relief... :-)
-Jeff
--
Jeff Beadles jeff at onion.pdx.com
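One way to rerun the check from this post on a current system, as an added example that is not Jeff's script: the same constructed file names ('a', 'a*', 'aa', 'aaa', 'aaaa') are created in a throwaway directory, the post's pipeline is run, and the survivors are counted. A second function shows the contrasting case the post is worried about, where the names are spliced into a shell command string and re-parsed, so the glob does expand.

```shell
#!/bin/sh
# Create a scratch directory holding the same files as in the post
# (constructed fixture) and print its path.
make_fixture() {
    dir=$(mktemp -d) || exit 2
    ( cd "$dir" && touch 'a' 'a*' 'aa' 'aaa' 'aaaa' ) || exit 2
    printf '%s\n' "$dir"
}

# Count the files left in directory $1, then delete the directory.
count_and_cleanup() {
    n=0
    for f in "$1"/*; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    rm -rf "$1"
    printf '%s\n' "$n"
}

# The post's pipeline: xargs execs rm directly, so './a*' reaches rm as one
# literal argv entry and no shell ever sees it. 'a', 'aaa', 'aaaa' survive.
xargs_direct_exec() {
    dir=$(make_fixture)
    ( cd "$dir" && find . -name 'a?' -print | xargs rm -f )
    count_and_cleanup "$dir"
}

# Contrast: the same names substituted into a command string are re-parsed
# by sh, so './a*' expands and every file starting with 'a' is removed.
xargs_via_shell_string() {
    dir=$(make_fixture)
    ( cd "$dir" && find . -name 'a?' -print | xargs -I{} sh -c 'rm -f {}' )
    count_and_cleanup "$dir"
}
```

The difference is not whether xargs "quotes" anything, but whether the argument list goes straight to execve() or passes through a shell parser on the way.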