Beware xargs security holes

Leslie Mikesell les at chinet.chi.il.us
Mon Oct 22 08:37:29 AEST 1990


In article <3484 at idunno.Princeton.EDU> pfalstad at fish.Princeton.EDU (Paul John Falstad) writes:

>Though as Dan said earlier, even if xargs quotes its arguments, you can
>still get in trouble, since find and xargs use a newline as a delimiter for
>filenames, and filenames can have newlines in them.

Actually the problem of allowing characters that are valid in filenames
to have special meanings on the command line runs rampant throughout
unix.  Even if you eliminate part of the problem by using a '\0' delimiter
to synchronize find and xargs, you can still get into trouble with a
file named "-r" appearing at the front of an argument list that might
also mention directories.

Les Mikesell
  les at chinet.chi.il.us
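
The two failure modes discussed in this thread, as an added example that is not part of the original post: a filename containing a newline is miscounted by a newline-delimited reader, and a file named "-r" is still parsed as an option even when the list is NUL-delimited, unless "--" ends option parsing. The scratch directory layout and all function names are constructed for illustration; it assumes a find with -print0 and an xargs with -0.

```shell
#!/bin/sh
# Added example: fixture layout and function names are constructed for illustration.
LC_ALL=C; export LC_ALL   # byte-order glob sorting, so "-r" sorts to the front

# Build a scratch directory containing the two awkward names from the thread.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/keepdir" && : > "$d/keepdir/data"
    : > "$d/-r"                      # name that looks like an option
    : > "$d/$(printf 'two\nlines')"  # name containing a newline
    printf '%s\n' "$d"
}

# Files as a newline-delimited reader counts them: one real name splits in two.
count_by_newline() { find "$1" -type f | wc -l | tr -d ' '; }

# Files counted by NUL terminator, the one byte a pathname cannot contain.
count_by_nul() { find "$1" -type f -print0 | tr -dc '\0' | wc -c | tr -d ' '; }

# NUL delimiters keep every name intact, yet rm still reads "-r" as an option
# and the directory named in the same argument list is removed recursively.
remove_unguarded() {
    ( cd "$1" && printf '%s\0' * | xargs -0 rm ) 2>/dev/null || :
    [ -d "$1/keepdir" ] && echo kept || echo removed
}

# "--" ends option parsing: "-r" is now an ordinary operand and is deleted as
# a file, while rm refuses the directory because no recursive flag was given.
remove_guarded() {
    ( cd "$1" && printf '%s\0' * | xargs -0 rm -- ) 2>/dev/null || :
    [ -d "$1/keepdir" ] && echo kept || echo removed
}
```

Prefixing relative names with "./" has the same effect as "--" for commands that do not honour "--".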


