On 10/30/25 09:11, Alejandro Colomar via Bug reports for GNU grep wrote:
>> ... | xargs bash -c "grep $regex ; [[ \$? -le 1 ]]"
>> and it runs grep no more times than "xargs grep" will.
>
> The problem with something based on
> ... | xargs bash -c ...
> is that it would make it easy to inject commands in the bash script with
> maliciously crafted files, right?

If an attacker controls the regex you're already in trouble, because the
regex can be arbitrarily slow.

That being said, to avoid the regex being interpreted as shell code, you
can use something like this:

    xargs sh -c 'grep -e "$0" -- "$@"; [ $? -le 1 ]' "$regex"

Admittedly a bit awkward, but it works now and it's portable to any
POSIX platform.

If this awkwardness is to be simplified it should be a patch to GNU
xargs not to grep, as programs like diff and cmp behave like grep and
it's not reasonable to add options to them all merely to work around an
xargs awkwardness.
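
The two command forms discussed in this message, side by side, as an added example that is not part of the original message or of grep/xargs. The scratch directory, file names, the INJECTED marker and the pattern are constructed, and the interpolated form uses sh and `[ ]` in place of bash and `[[ ]]`.

```shell
#!/bin/sh
# Constructed demo: the scratch directory, file names, marker name and
# pattern are made up for this example.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
cd "$demo_dir" || exit 1
printf 'alpha\n' > a.txt
printf 'beta $(touch INJECTED)\n' > b.txt

# A pattern that does nothing as data but creates a marker file if a shell
# ever parses it as code.
regex='$(touch INJECTED)'

# Quoted form: the pattern is pasted into the script text handed to the
# inner shell, which therefore parses it as code.
interpolated() {
    printf '%s\n' a.txt b.txt | xargs sh -c "grep $regex ; [ \$? -le 1 ]"
}

# Reply's form: the script text is constant. The pattern arrives as $0 and
# the file names as "$@", so neither is parsed as shell code.
positional() {
    printf '%s\n' a.txt b.txt |
        xargs sh -c 'grep -e "$0" -- "$@"; [ $? -le 1 ]' "$1"
}

# Plain "xargs grep" for comparison: a no-match exit of 1 from grep makes
# xargs itself report failure.
plain() {
    printf '%s\n' a.txt b.txt | xargs grep -e "$1" --
}

# Run one form from a clean state; succeed if the marker file appeared,
# that is, if the pattern was executed rather than matched.
pattern_executed() {
    rm -f INJECTED
    "$@" >/dev/null 2>&1
    [ -e INJECTED ]
}

pattern_executed interpolated && echo 'interpolated: pattern ran as code'
pattern_executed positional "$regex" || echo 'positional: pattern stayed data'
positional "$regex"
positional 'no-such-text'; echo "positional, no match: exit $?"
plain 'no-such-text';      echo "plain xargs grep, no match: exit $?"
```
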