Newsgroups: comp.unix.shell
Path: utzoo!utgpu!watserv1!watmath!att!cbnewsh!wcs
From: wcs@cbnewsh.att.com (Bill Stewart 201-949-0705 erebus.att.com!wcs)
Subject: Re: Beware xargs security holes
Organization: AT&T Bell Labs Government Communications
Date: Sun, 21 Oct 90 01:36:03 GMT
Message-ID: <1990Oct21.013603.25168@cbnewsh.att.com>
References: <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu>
Lines: 25

In article , peter@ficc.ferranti.com (Peter da Silva) writes:
> > find / -name '#*' -atime +7 -print | xargs rm
> OK, enlighten me. Why is this command run daily on cron on many systems? And
> if it is, what systems are they so I can avoid them?

Many systems, especially universities, have a convention that
filenames beginning with '#' are "marked for death". Instead of a
"real" rm command, most users use a file deletion command that
renames foo as #foo, which can be recovered by an undelete command,
if the user is lucky after having been stupid, and the ls command
may also be hacked not to show them. Other places use similar conventions.

But even if you DO avoid systems like this, LOTS of places do

	find /tmp /usr/tmp -atime +7 -mtime +7 -print |xargs rm

to clean old stuff out of /tmp, which IS morally acceptable behaviour :-)
And it can be hosed just as easily;

	mkdir /tmp/foo' '
	cd "/tmp/foo?" ; echo gotcha > vmunix

--
				Thanks; Bill
# Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ
Government is like an elephant on drugs: It's very confused, makes lots of noise,
can't do anything well, stomps on anyone in its way, and it sure eats a lot.
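
A sandboxed comparison of the /tmp cleanup pipeline from the post with two hardened forms, as an added example that is not part of the original post. The function names and the mktemp sandbox are assumptions, and a printing stub stands in for rm in the two pipelines.

```shell
#!/bin/sh
# Constructed sandbox under mktemp; nothing outside it is touched.
# Assumes the mktemp path itself contains no whitespace or quotes.

# One old file inside a directory whose name ends in a space (as in the
# post's /tmp/foo' '), plus one fresh file that must survive cleanup.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/foo " || return 1
    : > "$sb/foo /vmunix"
    : > "$sb/fresh"
    touch -t 199010210136 "$sb/foo /vmunix"   # atime and mtime far in the past
    printf '%s\n' "$sb"
}

# Prints each argument on its own line; stands in for rm so the two
# pipelines below never delete anything.
show_args='for a in "$@"; do printf "%s\n" "$a"; done'

# Weak form from the post: xargs re-parses names as whitespace-separated text.
weak_args() {
    find "$1" -type f -atime +7 -mtime +7 -print | xargs sh -c "$show_args" sh
}

# Hardened form 1: NUL-terminated names (supported by GNU and BSD find/xargs).
nul_args() {
    find "$1" -type f -atime +7 -mtime +7 -print0 | xargs -0 sh -c "$show_args" sh
}

# Hardened form 2 (POSIX): find hands names straight to rm, so there is no
# text stream to re-parse. -type f skips directories and symlinks, -xdev
# stays on one filesystem, and "--" ends rm's option parsing.
clean_old() {
    find "$1" -xdev -type f -atime +7 -mtime +7 -exec rm -f -- {} +
}
```

On the sandbox, `weak_args` reports `/vmunix` as a separate argument, while `nul_args` reports the one path that actually matched.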