Follow-up Comment #12, bug #18554 (project findutils):
I agree that
find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} +
has no security problems, because sh is not parsing the arguments. The only
time you have a security problem when passing arbitrary filenames to sh is
when sh is allowed to parse metacharacters in those arguments, but here, the
only metacharacters that sh can parse are contained in the -c argument, 'scp
"$@" remote:/dest'.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?18554>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-findutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-findutils
