[bug #18554] feat req: -exec cmd {} more args +

bug-findutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #18554] feat req: -exec cmd {} more args +

From:	Eric Blake
Subject:	[bug #18554] feat req: -exec cmd {} more args +
Date:	Fri, 22 Dec 2006 13:23:38 +0000
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 Mnenhy/0.7.4.666

Follow-up Comment #12, bug #18554 (project findutils):

I agree that 
find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} + 
has no security problems, because sh is not parsing the arguments.  The only
time you have a security problem when passing arbitrary filenames to sh is
when sh is allowed to parse metacharacters in those arguments, but here, the
only metacharacters that sh can parse are contained in the -c argument, 'scp
"$@" remote:/dest'.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?18554>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #18554] feat req: -exec cmd {} more args +, (continued)

Prev by Date: [bug #18554] feat req: -exec cmd {} more args +
Next by Date: [bug #18576] -execdir vs. PATH
Previous by thread: [bug #18554] feat req: -exec cmd {} more args +
Next by thread: [bug #18554] feat req: -exec cmd {} more args +
Index(es):
- Date
- Thread