Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!mit-eddie!bloom-beacon!eru!hagbard!sunic!dkuug!freja.diku.dk!rimfaxe.diku.dk!nomann
From: nomann@rimfaxe.diku.dk (Ole Nomann Thomsen)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <1990Oct23.150716.6989@diku.dk>
Date: 23 Oct 90 15:07:16 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP> <tim.656101080@ggumby> <3940@awdprime.UUCP> <2113@sixhub.UUCP>
Sender: news@diku.dk (The Netnews System)
Organization: Department Of Computer Science, University Of Copenhagen
Lines: 20

davidsen@sixhub.UUCP (Wm E. Davidsen Jr) writes:


>  It *appears* that xenix quotes its arguments in xargs, since I did a
>small and cautious test and it worked all right. ...

No:
touch "foo bar"
find . -type f -print | xargs ls -l
# Produces:
./foo not found
bar not found
...
# ["ls -l"s deleted]
# on Xenix 2.3.2 .


- Ole. (nomann@diku.dk).

"Information is not knowledge" - Frank Zappa.