Path: utzoo!utgpu!watserv1!watmath!att!att!pacbell.com!ucsd!sdd.hp.com!samsung!munnari.oz.au!metro!cluster!necisa!boyd
From: boyd@necisa.ho.necisa.oz (Boyd Roberts)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <1890@necisa.ho.necisa.oz>
Date: 23 Oct 90 08:19:50 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP> <3940@awdprime.UUCP>
Organization: NEC Information Systems Australia Pty. Ltd.
Lines: 20

In article <3940@awdprime.UUCP> tif@doorstop.austin.ibm.com (Paul Chamberlain) writes:
>
>In any case, I've yet to see how "a malicious user [could]
>remove every file on the system."
>

Nor can I. Since when did xargs(1) use system(3)? A malicious user
may be able to embed newlines in filenames, but that's not going to
trash the _whole_ file-system.

If someone did change xargs(1) to use system(3) it's obviously been
broken. Using system(3) raises all sorts of revolting shell quoting
problems -- not to mention the security holes.

Boyd Roberts boyd@necisa.ho.necisa.oz.au

``When the going gets weird, the weird turn pro...''
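
The newline-in-filename behaviour mentioned in the post, as an added shell example that is not part of the original post: it counts how many arguments a command receives from `find | xargs` versus `find -print0 | xargs -0`, and audits a tree for such names. The file names and function names are constructed for illustration, and `-print0`/`-0` are assumed to be available (GNU and BSD find/xargs).

```shell
#!/bin/sh
# Added illustration. File names are constructed; everything lives in a temp dir.

# Create a sandbox with two files; one name contains an embedded newline.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    : > "$sandbox/a.tmp"
    : > "$sandbox/b
c.tmp"
    printf '%s\n' "$sandbox"
}

# Number of arguments the child command receives when names are
# newline-delimited: the name with the newline is split into two.
count_args_newline() {
    (cd "$1" && find . -type f | xargs sh -c 'echo $#' sh)
}

# Same pipeline with NUL-delimited names: one argument per real file.
count_args_nul() {
    (cd "$1" && find . -type f -print0 | xargs -0 sh -c 'echo $#' sh)
}

# Audit helper: how many file names under $1 contain a newline.
count_newline_names() {
    find "$1" -type f -name '*
*' -exec echo hit \; | wc -l | tr -d ' '
}

demo() {
    d=$(make_sandbox) || return 1
    echo "files on disk:                 2"
    echo "args via find | xargs:         $(count_args_newline "$d")"
    echo "args via -print0 | xargs -0:   $(count_args_nul "$d")"
    echo "names containing a newline:    $(count_newline_names "$d")"
    rm -rf "$d"
}

demo
```

In the newline-delimited run the extra argument is `c.tmp`, a name that `find` never matched; the NUL-delimited run passes each name through intact.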