Xref: utzoo comp.unix.shell:514 alt.sources.d:945
Path: utzoo!utgpu!cs.utexas.edu!sdd.hp.com!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.unix.shell,alt.sources.d
Subject: Re: Beware xargs security holes
Message-ID: <9875@jpl-devvax.JPL.NASA.GOV>
Date: 9 Oct 90 18:37:17 GMT
References: <1990Oct9.060954.25690@watcgl.waterloo.edu> <9365:Oct910:43:4590@kramden.acf.nyu.edu> <63404@iuvax.cs.indiana.edu>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 22

In article <63404@iuvax.cs.indiana.edu> sahayman@iuvax.cs.indiana.edu (Steve Hayman) writes:
: >Yeah. xargs should have a -0 option for taking null-separated filenames
: >for its input. find should have a -print0 option for producing similar
: >output.
: 
: So long as you have to modify "find" anyway to solve this problem, why
: not just add "-xargs" option to "find", that would be like the "-exec"
: option only using as many file names as possible at once.
: 
: 	find .... -xargs rm {} \;
: 
: Seems simpler than modifying two programs.

What makes you think xargs is the only program that would like to use -print0
output?  Think toolbox, man!  (That's how Randal would say it.)

    find ... -print0 | perl -e '$/ = "\0"; while (<>) {chop; unlink;}'

That doesn't suffer any of the security holes of xargs.

Larry Wall
lwall@jpl-devvax.jpl.nasa.gov