find: Unsafe File Name Handling

3.3.2.1 Unsafe File Name Handling
.................................

Because file names can contain quotes, backslashes, blank characters,
and even newlines, it is not safe to process them using 'xargs' in its
default mode of operation. But since most files' names do not contain
blanks, this problem occurs only infrequently. If you are only
searching through files that you know have safe names, then you need not
be concerned about it.

Error messages issued by 'find' and 'locate' quote unusual characters
in file names in order to prevent unwanted changes in the terminal's
state.

In many applications, if 'xargs' botches processing a file because
its name contains special characters, some data might be lost. The
importance of this problem depends on the importance of the data and
whether anyone notices the loss soon enough to correct it. However,
here is an extreme example of the problems that using blank-delimited
names can cause. If the following command is run daily from 'cron',
then any user can remove any file on the system:

     find / -name '#*' -atime +7 -print | xargs rm

For example, you could do something like this:

     eg$ echo > '#
     vmunix'

and then 'cron' would delete '/vmunix', if it ran 'xargs' with '/' as
its current directory.

To delete other files, for example '/u/joeuser/.plan', you could do
this:

     eg$ mkdir '#
     '
     eg$ cd '#
     '
     eg$ mkdir u u/joeuser u/joeuser/.plan'
     '
     eg$ echo > u/joeuser/.plan'
     /#foo'
     eg$ cd ..
     eg$ find . -name '#*' -print | xargs echo
     ./# ./# /u/joeuser/.plan /#foo

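As an added illustration (not part of the original manual text), the
shell script below counts how many arguments 'xargs' hands to its
command for two constructed file names, once in its default mode and
once with NUL-delimited names ('find -print0' piped to 'xargs -0').
The function names and sample file names are assumptions made for the
example, as is the availability of '-print0' and '-0' (GNU findutils
provides both).

```shell
#!/bin/sh
# Added example: every file is created inside a fresh temporary directory.

# Create two constructed sample files and print the directory's path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    # First name contains a newline, second name contains a blank.
    : > "$d/#
vmunix"
    : > "$d/#old notes"
    printf '%s\n' "$d"
}

# Number of arguments the command receives when xargs splits find's
# output on blanks and newlines (its default mode of operation).
count_args_default() {
    (cd "$1" && find . -type f -name '#*' -print |
        xargs sh -c 'echo "$#"' sh)
}

# Same pipeline, but each name is terminated by a NUL byte, which cannot
# occur inside a file name, so every file arrives as one argument.
count_args_nul() {
    (cd "$1" && find . -type f -name '#*' -print0 |
        xargs -0 sh -c 'echo "$#"' sh)
}

# With these options the cron line quoted above would be written as:
#   find / -name '#*' -atime +7 -print0 | xargs -0 rm

demo=$(make_demo_tree) || exit 1
echo "files created:        2"
echo "default xargs passes: $(count_args_default "$demo") arguments"
echo "xargs -0 passes:      $(count_args_nul "$demo") arguments"
rm -rf -- "$demo"
```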