Follow-up Comment #12, bug #18554 (project findutils): I agree that find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} + has no security problems, because sh is not parsing the arguments. The only time you have a security problem when passing arbitrary filenames to sh is when sh is allowed to parse metacharacters in those arguments, but here, the only metacharacters that sh can parse are contained in the -c argument, 'scp "$@" remote:/dest'.
_______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?18554> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-findutils mailing list Bug-findutils@gnu.org http://lists.gnu.org/mailman/listinfo/bug-findutils