Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!mcgill-vision!snorkelwacker!mintaka!olivea!apple!agate!shelby!neon!Gang-of-Four!dkeisen
From: dkeisen@Gang-of-Four.Stanford.EDU (Dave Eisen)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <1990Oct19.173133.11096@Neon.Stanford.EDU>
Date: 19 Oct 90 17:31:33 GMT
References: <3876@awdprime.UUCP> <tim.656101080@ggumby> <3940@awdprime.UUCP>
Sender: news@Neon.Stanford.EDU (USENET News System)
Organization: Sequoia Peripherals
Lines: 24

In article <3940@awdprime.UUCP> tif@doorstop.austin.ibm.com (Paul Chamberlain) writes:
>In article <tim.656101080@ggumby> tim@ggumby.cs.caltech.edu (Timothy L. Kay) writes:
>>tif@doorstop.austin.ibm.com (Paul Chamberlain) writes:
>>>In article brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>>>>  find / -name '#*' -atime +7 -print | xargs rm
>>>>lets a malicious user remove every file on the system.
>>>
>
>In any case, I've yet to see how "a malicious user [could]
>remove every file on the system."
>

If xargs is implemented using system (as it is on this machine),
an old file named #<newline>-rf * will remove every file on the machine if
the rm -rf * happens to be the start of the buffer passed to system.




--
Dave Eisen                      	    Home: (415) 323-9757
dkeisen@Gang-of-Four.Stanford.EDU           Office: (415) 967-5644
1447 N. Shoreline Blvd.
Mountain View, CA 94043