[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #18554] feat req: -exec cmd {} more args +

From: Eric Blake
Subject: [bug #18554] feat req: -exec cmd {} more args +
Date: Fri, 22 Dec 2006 13:23:38 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20061206 Firefox/ Mnenhy/

Follow-up Comment #12, bug #18554 (project findutils):

I agree that 
find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} + 
has no security problems, because sh is not parsing the arguments.  The only
time you have a security problem when passing arbitrary filenames to sh is
when sh is allowed to parse metacharacters in those arguments, but here, the
only metacharacters that sh can parse are contained in the -c argument, 'scp
"$@" remote:/dest'.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]