find: Unsafe File Name Handling

3.3.2.1 Unsafe File Name Handling
.................................

Because file names can contain quotes, backslashes, blank characters,
and even newlines, it is not safe to process them using 'xargs' in its
default mode of operation.  But since most files' names do not contain
blanks, this problem occurs only infrequently.  If you are only
searching through files that you know have safe names, then you need not
be concerned about it.

   Error messages issued by 'find' and 'locate' quote unusual characters
in file names in order to prevent unwanted changes in the terminal's
state.

   In many applications, if 'xargs' botches processing a file because
its name contains special characters, some data might be lost.  The
importance of this problem depends on the importance of the data and
whether anyone notices the loss soon enough to correct it.  However,
here is an extreme example of the problems that using blank-delimited
names can cause.  If the following command is run daily from 'cron',
then any user can remove any file on the system:

     find / -name '#*' -atime +7 -print | xargs rm

   For example, you could do something like this:

     eg$ echo > '#
     vmunix'

and then 'cron' would delete '/vmunix', if it ran 'xargs' with '/' as
its current directory.

   To delete other files, for example '/u/joeuser/.plan', you could do
this:

     eg$ mkdir '#
     '
     eg$ cd '#
     '
     eg$ mkdir u u/joeuser u/joeuser/.plan'
     '
     eg$ echo > u/joeuser/.plan'
     /#foo'
     eg$ cd ..
     eg$ find . -name '#*' -print | xargs echo
     ./# ./# /u/joeuser/.plan /#foo
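
   The splitting described above can be measured rather than inferred.
The script below is an added example, not part of the findutils manual:
it counts how many arguments the final command receives for a single
file whose name contains a newline, first through 'xargs' in its default
mode and then through two forms that keep the name intact.  The function
names are hypothetical, and it assumes a 'find' and 'xargs' that accept
'-print0' and '-0', as GNU findutils does.

```shell
#!/bin/sh
# Added example: counts the arguments the final command receives for ONE file
# whose name contains a newline. Nothing outside a mktemp directory is touched.
# Assumption: find/xargs support -print0 and -0 (GNU findutils does).

# Create a scratch directory holding a constructed file named "#<newline>vmunix".
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    : > "$sandbox/$(printf '#\nvmunix')"
    printf '%s\n' "$sandbox"
}

# Default mode: xargs splits its input on blanks and newlines.
args_default_xargs() {
    (cd "$1" && find . -name '#*' -print | xargs sh -c 'echo "$#"' sh)
}

# NUL-delimited mode: a NUL byte cannot occur inside a file name.
args_nul_xargs() {
    (cd "$1" && find . -name '#*' -print0 | xargs -0 sh -c 'echo "$#"' sh)
}

# No pipe at all: find passes each name directly as one argument.
args_find_exec() {
    (cd "$1" && find . -name '#*' -exec sh -c 'echo "$#"' sh {} +)
}

d=$(make_sandbox) || exit 1
echo "default xargs : $(args_default_xargs "$d") argument(s)"
echo "-print0 | -0  : $(args_nul_xargs "$d") argument(s)"
echo "-exec ... {} +: $(args_find_exec "$d") argument(s)"
rm -rf "$d"
```

   A count above 1 for a single file is the sign that a cron job or
cleanup script built on the default pipeline will act on path names
that 'find' never matched.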