Path: utzoo!attcan!uunet!seismo!dimacs.rutgers.edu!rutgers!mit-eddie!uw-beaver!zephyr.ens.tek.com!tektronix!nosun!qiclab!onion!jeff
From: jeff@onion.pdx.com (Jeff Beadles)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <1990Oct23.053423.15809@onion.pdx.com>
Date: 23 Oct 90 05:34:23 GMT
References: <3940@awdprime.UUCP> <2113@sixhub.UUCP> <4203@umbc3.UMBC.EDU>
Organization: Little to none.
Lines: 41

Well, under the 4.2 BSD based system I have here (Tektronix 4.1 UTek) it
appears that xargs IS quoting its arguments.

Here's the test that I did, that's fairly safe to run.  If xargs was not
quoting its arguments, then all files starting with 'a' would have been
deleted.

Script started on Mon Oct 22 22:29:31 1990
jo:jeff> cd /usr/tmp
jo:tmp> ls -al
total 2
drwxrwxrwx  2 root          512 Oct 22 22:29 .
drwxr-xr-x 21 sys           512 Oct 19 23:18 ..
jo:tmp> touch 'a' 'a*' 'aa' 'aaa' 'aaaa'
jo:tmp> ls -al
total 2
drwxrwxrwx  2 root          512 Oct 22 22:29 .
drwxr-xr-x 21 sys           512 Oct 19 23:18 ..
-rw-r--r--  1 jeff            0 Oct 22 22:29 a
-rw-r--r--  1 jeff            0 Oct 22 22:29 a*
-rw-r--r--  1 jeff            0 Oct 22 22:29 aa
-rw-r--r--  1 jeff            0 Oct 22 22:29 aaa
-rw-r--r--  1 jeff            0 Oct 22 22:29 aaaa
jo:tmp> find . -name 'a?' -print | xargs -t rm -f
rm -f ./a* ./aa
jo:tmp> ls -al
total 2
drwxrwxrwx  2 root          512 Oct 22 22:30 .
drwxr-xr-x 21 sys           512 Oct 19 23:18 ..
-rw-r--r--  1 jeff            0 Oct 22 22:29 a
-rw-r--r--  1 jeff            0 Oct 22 22:29 aaa
-rw-r--r--  1 jeff            0 Oct 22 22:29 aaaa
jo:tmp> exit

script done on Mon Oct 22 22:30:30 1990

A sigh of relief...  :-)

	-Jeff
--
Jeff Beadles		jeff@onion.pdx.com
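The session above checks one thing: whether a name like `a*` coming out of find gets glob-expanded before rm sees it. It does not, because xargs execs rm directly rather than through a shell. The hole the thread's subject line is about is a different one: xargs splits its input on blanks and newlines, so a filename containing a space (or a newline) is handed to rm as two separate arguments, and rm may then delete a file find never matched. The script below is an added example, not part of Jeff's post: it reproduces his glob test in a throwaway directory, then demonstrates the whitespace split against constructed filenames (`old file.tmp`, `old`, `keep.txt`), and finally shows the NUL-terminated `find -print0 | xargs -0` form that closes it. The `-print0`/`-0` options are GNU and BSD extensions rather than POSIX; the directory names and filenames are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). All work happens in a private
# temporary directory that is removed on exit; no real files are touched.

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

# 1. The post's test. xargs execs rm directly, with no shell in between, so
#    "./a*" reaches rm as a literal name and is not expanded into a, aa, aaa...
#    Exits 0 when exactly the two two-character names are gone and the rest survive.
glob_test() (
    mkdir -p "$WORK/glob" && cd "$WORK/glob" || exit 1
    touch 'a' 'a*' 'aa' 'aaa' 'aaaa'
    find . -name 'a?' -print | xargs rm -f
    [ -e a ] && [ -e aaa ] && [ -e aaaa ] && [ ! -e 'a*' ] && [ ! -e aa ]
)

# 2. The actual hole. find prints "./old file.tmp" on one line; xargs splits
#    that on the blank into "./old" and "file.tmp". rm -f then deletes the
#    unrelated file "old" (which find never matched) and silently ignores the
#    nonexistent "file.tmp", leaving "old file.tmp" in place.
#    Exits 0 when that wrong outcome is observed (i.e. the hazard is real here).
split_hazard() (
    mkdir -p "$WORK/split" && cd "$WORK/split" || exit 1
    touch 'old file.tmp' 'old' 'keep.txt'
    find . -name '*.tmp' -print | xargs rm -f 2>/dev/null
    [ ! -e old ] && [ -e 'old file.tmp' ] && [ -e keep.txt ]
)

# 3. The fix: terminate each name with NUL instead of newline, which is the one
#    byte that cannot appear in a Unix filename, and tell xargs to split on it.
#    (-print0 / -0 are GNU and BSD extensions; the strictly POSIX alternative
#    that avoids xargs altogether is:  find . -name '*.tmp' -exec rm -f {} +  )
#    Exits 0 when only "old file.tmp" was removed.
nul_safe() (
    mkdir -p "$WORK/nul" && cd "$WORK/nul" || exit 1
    touch 'old file.tmp' 'old' 'keep.txt'
    find . -name '*.tmp' -print0 | xargs -0 rm -f
    [ -e old ] && [ ! -e 'old file.tmp' ] && [ -e keep.txt ]
)

glob_test    && echo "glob test:  xargs did not expand a*"
split_hazard && echo "hazard:     'old' was deleted, 'old file.tmp' survived"
nul_safe     && echo "fix:        -print0 | xargs -0 removed only 'old file.tmp'"
```

Run it as `sh xargs_test.sh`; each of the three lines is printed only if the corresponding check held on your system. The second check is the one to worry about: if it prints, any `find ... | xargs rm` that walks a directory other people can write to lets them choose which of your files gets deleted simply by picking a filename with a blank in it.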