Beware xargs security holes
Rouben Rostamian
rouben at math9.math.umbc.edu
Sun Oct 21 13:55:00 AEST 1990
In article <2113 at sixhub.UUCP> davidsen at sixhub.UUCP (bill davidsen) writes:
> It *appears* that xenix quotes its arguments in xargs, since I did a
>small and cautious test and it worked all right. How about testing your
>version of xargs and posting the results here? I will do Sun, Ultrix and
>(if I get the files reloaded) V.4.
Why "small and cautious"? To test whether xargs quotes its arguments,
in an empty directory do:
    touch "This is a test"
    find . -print | xargs rm
If the file "This is a test" goes away, then xargs is quoting its arguments.
Otherwise, xargs is feeding the file name as four separate arguments to rm
and you will get complaints from rm for not finding the files.
I ran this test on Ultrix V4.0 and on a Stardent 3000 (a hybrid SysV/bsd
beast.) In neither test was the file removed. So no quoting from xargs
in these cases.
--
Rouben Rostamian Telephone: (301) 455-2458
Department of Mathematics and Statistics e-mail:
University of Maryland Baltimore County bitnet: rostamian at umbc
Baltimore, MD 21228, U.S.A. internet: rostamian at umbc3.umbc.edu
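
The test from the message above, as an added example that is not part of the original post: it runs in a throwaway directory and repeats the check with NUL-delimited names for comparison. It assumes the local find and xargs accept -print0 and -0 (GNU and BSD versions do); the function name xargs_test is hypothetical.

```sh
#!/bin/sh
# Added example, not code from the original post. Everything happens inside
# a mktemp directory, so no other files are touched.
# Assumption: find supports -print0 and xargs supports -0 (GNU and BSD do).

# xargs_test MODE  ->  prints "<argc> <kept|removed>"
#   MODE plain: find -print  | xargs      (the test from the post)
#   MODE nul:   find -print0 | xargs -0   (NUL-delimited file names)
# <argc> is the number of arguments xargs built from the single file name
# "This is a test"; the second word says whether "xargs rm" deleted the file.
# -type f keeps "." itself out of the argument list so the count is exact.
xargs_test() {
    mode=$1
    dir=$(mktemp -d) || return 1
    touch "$dir/This is a test"          # constructed sample file name
    if [ "$mode" = nul ]; then
        argc=$(cd "$dir" && find . -type f -print0 | xargs -0 sh -c 'echo $#' sh)
        (cd "$dir" && find . -type f -print0 | xargs -0 rm) 2>/dev/null || true
    else
        argc=$(cd "$dir" && find . -type f -print | xargs sh -c 'echo $#' sh)
        # rm fails on the fragments; ignore its complaints and exit status
        (cd "$dir" && find . -type f -print | xargs rm) 2>/dev/null || true
    fi
    if [ -e "$dir/This is a test" ]; then state=kept; else state=removed; fi
    rm -rf "$dir"
    echo "$argc $state"
}

echo "plain: $(xargs_test plain)"
echo "nul:   $(xargs_test nul)"
```

An xargs that kept the name whole in plain mode would report one argument and a removed file there as well.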