[bug #18554] feat req: -exec cmd {} more args +

Eric Blake Fri, 22 Dec 2006 05:23:54 -0800

Follow-up Comment #12, bug #18554 (project findutils):

I agree that 
find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} + 
has no security problems, because sh is not parsing the arguments.  The only
time you have a security problem when passing arbitrary filenames to sh is
when sh is allowed to parse metacharacters in those arguments, but here, the
only metacharacters that sh can parse are contained in the -c argument, 'scp
"$@" remote:/dest'.



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?18554>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



_______________________________________________
Bug-findutils mailing list
Bug-findutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-findutils

[bug #18554] feat req: -exec cmd {} more args +

Reply via email to