find: Security Considerations for xargs


11.3 Security Considerations for 'xargs'
========================================

The description of the race conditions affecting the '-print' action of
'find' shows that 'xargs' cannot be secure if it is possible for an
attacker to modify a filesystem after 'find' has started but before
'xargs' has completed all its actions.

   However, there are other security issues that exist even if it is not
possible for an attacker to have access to the filesystem in real time.
Firstly, if it is possible for an attacker to create files with names of
their choice on the filesystem, then 'xargs' is insecure unless the '-0'
option is used.  If a file with the name
'/home/someuser/foo/bar\n/etc/passwd' exists (assume that '\n' stands
for a newline character), then 'find ... -print' can be persuaded to
print three separate lines:

     /home/someuser/foo/bar

     /etc/passwd

   If it finds a blank line in the input, 'xargs' will ignore it.
Therefore, if some action is to be taken on the basis of this list of
files, the '/etc/passwd' file would be included even if this was not the
intent of the person running 'find'.  There are circumstances in which an
attacker can use this to their advantage.  The same consideration
applies to file names containing ordinary spaces rather than newlines,
except that of course the list of file names will no longer contain an
"extra" newline.

   This problem is an unavoidable consequence of the default behaviour
of the 'xargs' command, which is specified by the POSIX standard.  The
only ways to avoid this problem are either to avoid all use of 'xargs'
in favour of, for example, 'find -exec' or (where available) 'find
-execdir', or to use the '-0' option, which ensures that 'xargs'
considers file names to be separated by ASCII NUL characters rather than
whitespace.  However, useful as this option is, the POSIX standard does
not make it mandatory.
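   The layout from the '/home/someuser/foo/bar\n/etc/passwd' example,
rebuilt in a scratch directory and fed through both pipelines, as an
added example that is not part of this manual; the 'count_received_args'
function name and the extra 'plain' file are assumptions:

```shell
# Added example, not part of the findutils manual: build the directory layout
# described above inside a scratch directory and count how many arguments the
# command run by xargs actually receives.  "newline" uses 'find -print | xargs'
# (the POSIX default); "nul" uses 'find -print0 | xargs -0'.
count_received_args() {
    mode=$1
    tmp=$(mktemp -d) || return 1
    # Constructed layout: foo/plain and foo/bar<newline>/etc/passwd, i.e. a
    # directory whose name ends in a newline, holding etc/passwd beneath it.
    mkdir -p "$tmp/foo/bar
/etc"
    : > "$tmp/foo/plain"
    : > "$tmp/foo/bar
/etc/passwd"
    if [ "$mode" = nul ]; then
        # NUL-separated: each path is delivered intact, so the command sees 2.
        n=$(find "$tmp/foo" -type f -print0 | xargs -0 sh -c 'echo $#' sh)
    else
        # Whitespace-separated: the embedded newline splits one path in two,
        # so the command sees 3 arguments, the last one being '/etc/passwd'.
        n=$(find "$tmp/foo" -type f -print | xargs sh -c 'echo $#' sh)
    fi
    rm -rf "$tmp"
    echo "$n"
}

# Stand-alone run: prints the two counts for comparison.
echo "find -print  | xargs    -> $(count_received_args newline) arguments"
echo "find -print0 | xargs -0 -> $(count_received_args nul) arguments"
```

The third argument in the whitespace-separated case is the bare
'/etc/passwd', which never existed under the scratch directory at all.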

   POSIX also specifies that 'xargs' interprets quoting and trailing
whitespace specially in filenames, too.  This means that using 'find ...
-print | xargs ...' can cause the commands run by 'xargs' to receive a
list of file names which is not the same as the list printed by 'find'.
The interpretation of quotes and trailing whitespace is turned off by
the '-0' argument to 'xargs', which is another reason to use that
option.
