[bug #18554] feat req: -exec cmd {} more args +

bug-findutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #18554] feat req: -exec cmd {} more args +

From:	James Youngman
Subject:	[bug #18554] feat req: -exec cmd {} more args +
Date:	Fri, 22 Dec 2006 12:37:15 +0000
User-agent:	Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.8) Gecko/20061115 Ubuntu/dapper-security Firefox/1.5.0.8

Follow-up Comment #7, bug #18554 (project findutils):

Thanks for the (pretty much) official interpretation Geoff.

The findutils documentation would not include an example showing how to
accomplish this with "sh -c" though, because of the disastrous security
implications of passing untrusted data such as filenames to the shell.   

In fact I'd recommend that the POSIX revision you're talking about explicitly
point out that this (along with almost any other use of "find ... -exec sh -c
...") is bad security practice.

(I know privileged operations are out of scope for POSIX, but I'd guess that
a form of words can be found that preserves the useful guidance)



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?18554>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #18554] feat req: -exec cmd {} more args +, Egmont Koblinger, 2006/12/19
- [bug #18554] feat req: -exec cmd {} more args +, Andreas Metzler, 2006/12/19
  - [bug #18554] feat req: -exec cmd {} more args +, Egmont Koblinger, 2006/12/19
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/20
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/20
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/20
    - [bug #18554] feat req: -exec cmd {} more args +, Egmont Koblinger, 2006/12/20
    - [bug #18554] feat req: -exec cmd {} more args +, Geoff Clare, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman <=
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Geoff Clare, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Egmont Koblinger, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Egmont Koblinger, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Eric Blake, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Geoff Clare, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, James Youngman, 2006/12/22
    - [bug #18554] feat req: -exec cmd {} more args +, Eric Blake, 2006/12/22

Prev by Date: [bug #18554] feat req: -exec cmd {} more args +
Next by Date: [bug #18554] feat req: -exec cmd {} more args +
Previous by thread: [bug #18554] feat req: -exec cmd {} more args +
Next by thread: [bug #18554] feat req: -exec cmd {} more args +
Index(es):
- Date
- Thread