Path: utzoo!attcan!uunet!wuarchive!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!caen!math.lsa.umich.edu!math.lsa.umich.edu!emv
From: emv@math.lsa.umich.edu (Edward Vielmetti)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <EMV.90Oct21232937@picasso.math.lsa.umich.edu>
Date: 22 Oct 90 04:29:37 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com>
	<271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu>
	<3876@awdprime.UUCP> <tim.656101080@ggumby> <3940@awdprime.UUCP>
	<2113@sixhub.UUCP> <4203@umbc3.UMBC.EDU>
Sender: usenet@math.lsa.umich.edu
Organization: University of Michigan Math Dept., Ann Arbor MI.
Lines: 15
In-Reply-To: rouben@math9.math.umbc.edu's message of 21 Oct 90 03:55:00 GMT

In article <4203@umbc3.UMBC.EDU> rouben@math9.math.umbc.edu (Rouben Rostamian) writes:

   I ran this test on Ultrix V4.0 and on a Stardent 3000 (a hybrid SysV/bsd 
   beast.)  In neither test the file was removed.  So no quoting from xargs
   in these cases.

SunOS 4.0.3 also does not remove the file.  Instead it says 

urania /tmp/foo % find . -print | xargs rm
rm: cannot remove `.' or `..'

--Ed

Edward Vielmetti, U of Michigan math dept <emv@math.lsa.umich.edu>
moderator, comp.archives