Path: utzoo!attcan!uunet!timbuk!cs.umn.edu!ub.d.umn.edu!rutgers!usc!samsung!munnari.oz.au!metro!wolfen!cs.uow.edu.au!david
From: david@cs.uow.edu.au (David E A Wilson)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <1990Oct26.123801.14131@cs.uow.edu.au>
Date: 26 Oct 90 12:38:01 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP> <3940@awdprime.UUCP> <1890@necisa.ho.necisa.oz> <1990Oct24.010007.817@virte
Organization: Dept of Computer Science, Wollongong University
Lines: 16

At least with SunOS 4.1 the manual page describes exactly what characters
will cause problems.

     Arguments read in from the standard input are defined to  be
     contiguous  strings  of  characters  delimited by white space.
     Empty lines are always discarded.  Blanks and tabs may be
     embedded as part of an argument if they are escaped or quoted.
     Characters enclosed in quotes (single or double) are taken
     literally, and the delimiting quotes are removed.  Outside of
     quoted strings, a `\' (backslash) will escape the character it
     precedes.

Newlines cannot be part of an argument and spaces & quotes would cause
so many problems that you would have to precede each character with a \
to be sure.
-- 
David Wilson	Dept Comp Sci, Uni of Wollongong	david@cs.uow.edu.au
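
The escaping rule described in the post above, as an added example that is not part of the original post: every character of a name gets a backslash in front of it before the name reaches xargs, and names that cannot be represented at all are refused. The function names and the sample file name are constructed for illustration, and the xargs in use is assumed to follow the parsing rules quoted from the SunOS 4.1 manual page.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample name is
# constructed. Assumes an xargs that parses its input as the manual page
# text quoted in the post describes.

# Read one name per line; write it with a backslash before every character,
# so blanks, tabs, quotes and backslashes all reach the command literally.
xargs_escape() {
    LC_ALL=C sed 's/./\\&/g'
}

# Succeed only if NAME can be passed through xargs at all: a newline can
# never be part of an argument, and empty lines are discarded.
xargs_safe_name() {
    case $1 in
        ''|*'
'*) return 1 ;;
    esac
    return 0
}

# Show what the command run by xargs receives: one "[argument]" per line.
via_xargs() {
    xargs sh -c 'for a in "$@"; do printf "[%s]\n" "$a"; done' sh
}

name="my file's \"draft\".txt"      # constructed sample
if xargs_safe_name "$name"; then
    printf '%s\n' "$name" | xargs_escape | via_xargs
else
    echo "refusing: name cannot be represented on xargs input" >&2
fi
```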