Path: utzoo!attcan!uunet!wuarchive!udel!princeton!fish.Princeton.EDU!pfalstad
From: pfalstad@fish.Princeton.EDU (Paul John Falstad)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <3484@idunno.Princeton.EDU>
Date: 21 Oct 90 05:21:03 GMT
References: <3940@awdprime.UUCP> <2113@sixhub.UUCP> <4203@umbc3.UMBC.EDU>
Sender: news@idunno.Princeton.EDU
Organization: Princeton University, Princeton, New Jersey
Lines: 13

>In article <2113@sixhub.UUCP> davidsen@sixhub.UUCP (bill davidsen) writes:
>> It *appears* that xenix quotes its arguments in xargs, since I did a
>>small and cautious test and it worked all right. How about testing your

Though as Dan said earlier, even if xargs quotes its arguments, you can
still get in trouble, since find and xargs use a newline as a delimiter
for filenames, and filenames can have newlines in them.

--
Paul Falstad, pfalstad@phoenix.princeton.edu PLink:HYPNOS GEnie:P.FALSTAD
And Dinsdale said, "You've been a naughty boy, Clement," and splits me
nostrils open, and saws me leg off, and pulls me liver out. And I said,
"My name's not Clement." And then he loses his temper. And he nails me
head to the floor.
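The newline-delimiter problem described in the post above, as an added example that is not part of the original post: it counts how many arguments xargs hands to a command for two files, one of which has a newline in its name, first with newline-delimited input and then with NUL-terminated names. The function names and file names are constructed for illustration, and it assumes a find and xargs that support `-print0` and `-0` (GNU and BSD versions do).

```shell
#!/bin/sh
# Added illustration: newline-delimited vs NUL-delimited file name lists.

# Build a scratch directory (constructed sample data) holding two files:
# an ordinary one and one whose name contains a newline.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/notes.txt"
    : > "$d/a
b.txt"
    printf '%s\n' "$d"
}

# Number of arguments the command receives when find emits one name per
# line and xargs splits its input on whitespace, newlines included.
args_seen_newline() {
    find "$1" -type f -print | xargs sh -c 'echo "$#"' sh
}

# Same pipeline with NUL-terminated names: NUL cannot occur inside a
# path, so each file arrives as exactly one argument.
args_seen_nul() {
    find "$1" -type f -print0 | xargs -0 sh -c 'echo "$#"' sh
}

demo=$(make_demo_dir)
echo "files on disk:        2"
echo "newline-delimited:    $(args_seen_newline "$demo") arguments"
echo "NUL-delimited (-0):   $(args_seen_nul "$demo") arguments"
rm -rf "$demo"
```

With newline-delimited input the second half of the split name reaches the command as a bare relative path, which is why quoting inside xargs alone does not close the hole.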