Beware xargs security holes
Conor P. Cahill
cpcahil at virtech.uucp
Wed Oct 24 11:00:07 AEST 1990
In article <1890 at necisa.ho.necisa.oz> boyd at necisa.ho.necisa.oz (Boyd Roberts) writes:
>Nor can I. Since when did xargs(1) use system(3)?
It dosn't matter what xargs uses to run the command. The problem is how
it parses it's input. If the input is newline separated and a user can
add newlines to a filename, then the user can create a file that will
cause xargs to incorrectly parse it's input.
--
Conor P. Cahill (703)430-9247 Virtual Technologies, Inc.,
uunet!virtech!cpcahil 46030 Manekin Plaza, Suite 160
Sterling, VA 22170
More information about the Comp.unix.shell
mailing list