Beware xargs security holes
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Wed Oct 24 07:25:30 AEST 1990
In article <1890 at necisa.ho.necisa.oz> boyd at necisa.ho.necisa.oz (Boyd Roberts) writes:
> In article <3940 at awdprime.UUCP> tif at doorstop.austin.ibm.com (Paul Chamberlain) writes:
> >In any case, I've yet to see how "a malicious user [could]
> >remove every file on the system."
> A malicious user may be able to embed newlines in filenames,
> but that's not going to trash the _whole_ file-system.
Oh? Each filename he sets up can remove dozens of other files. There are
only so many files in the entire system.
> If someone did change xargs(1) to use system(3) it's obviously been broken.
Agreed.
---Dan
More information about the Comp.unix.shell
mailing list