Path: utzoo!attcan!uunet!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <26674:Oct2220:09:0790@kramden.acf.nyu.edu>
Date: 22 Oct 90 20:09:07 GMT
References: <4203@umbc3.UMBC.EDU> <3484@idunno.Princeton.EDU> <1990Oct21.223729.10521@chinet.chi.il.us>
Organization: IR
Lines: 14

In article <1990Oct21.223729.10521@chinet.chi.il.us> les@chinet.chi.il.us (Leslie Mikesell) writes:
> Even if you eliminate part of the problem by using a '\0' delimiter
> to syncronize find and xargs, you can still get into trouble with a
> file named "-r" appearing at the front of an argument list that might
> also mention directories.

No, you can't. As long as find is invoked upon a fixed directory name
(like . or / or /tmp), every name it prints will start with that. So

  find / -name core -atime +7 -print0 | xargs -0 rm

will be safe. You can always use rm --, but there's no need to.

---Dan