Xref: utzoo comp.unix.shell:516 alt.sources.d:946
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.shell,alt.sources.d
Subject: Re: Beware xargs security holes
Message-ID: <12755:Oct919:53:3990@kramden.acf.nyu.edu>
Date: 9 Oct 90 19:53:39 GMT
References: <1990Oct9.060954.25690@watcgl.waterloo.edu> <9365:Oct910:43:4590@kramden.acf.nyu.edu> <63404@iuvax.cs.indiana.edu>
Organization: IR
Lines: 19

In article <63404@iuvax.cs.indiana.edu> sahayman@iuvax.cs.indiana.edu (Steve Hayman) writes:
> >Yeah. xargs should have a -0 option for taking null-separated filenames
> >for its input. find should have a -print0 option for producing similar
> >output.
> So long as you have to modify "find" anyway to solve this problem, why
> not just add "-xargs" option to "find", that would be like the "-exec"
> option only using as many file names as possible at once.
> 	find .... -xargs rm {} \;
> Seems simpler than modifying two programs.

On the general grounds of ``modularity'' I'll claim that the separate
commands are more useful. I imagine commands other than xargs being able
to take that 0-terminated list and do something with it.

Modularity aside, it's much, much simpler to add -0 to xargs (a few
lines added) and -print0 to find (just change a \n to \0) than to add
all of the argument handling of xargs into find.

---Dan