Path: utzoo!attcan!ncrcan!scocan!troch!john
From: john@sco.COM (John R. MacMillan)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <john.656921455@troch>
Date: 26 Oct 90 06:10:55 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP> <tim.656101080@ggumby> <3940@awdprime.UUCP> <1890@necisa.ho.necisa.oz> <1990Oct24.010007.817@virte
Sender: news@sco.com (News administration)
Organization: SCO Canada, Inc. (formerly HCR Corporation)
Lines: 23

|It dosn't matter what xargs uses to run the command.  The problem is how
|it parses it's input.  If the input is newline separated and a user can
|add newlines to a filename, then the user can create a file that will
|cause xargs to incorrectly parse it's input.

So check that xargs did indeed parse its input correctly.  Instead of

find / -name '#*' -print | xargs rm -f

use

find / -name '#*' -print | xargs patok '.*/#[^/]*' rm -f --

where patok elimnates arguments that don't match the pattern.
Shouldn't be tough to write.  It wouldn't remove files with newlines,
but if patok complains about non-matches, you could find them later and
go slap the file owner's wrist.

Sound reasonable?
-- 
John R. MacMillan       | I'm in love with a McDonald's girl
SCO Canada, Inc.        | She's an angel in a polyester uniform.
john@sco.COM            |      -- barenaked ladies