Paul Eggert <[email protected]> writes:
> On 10/30/25 09:11, Alejandro Colomar via Bug reports for GNU grep wrote:
>>> ... | xargs bash -c "grep $regex ; [[ \$? -le 1 ]]"
>>>
>>> and it runs grep no more times than "xargs grep" will.
>> The problem with something based on
>> ... | xargs bash -c ...
>> is that it would make it easy to inject commands in the bash script
>> with maliciously crafted files, right?
>
> If an attacker controls the regex you're already in trouble, because
> the regex can be arbitrarily slow.

Or exhaust your system's memory in the case of:
$ grep -E 'a+++++++++++++++++++++++++++++++++++++++' COPYING
Among many others. :)
Collin
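
As an added example (not code from the thread or from GNU grep): one way to keep the `xargs bash -c` pattern discussed above while passing the regex as a positional parameter instead of expanding it into the script text, and bounding CPU time and memory for the slow or memory-hungry regex case. The name `safe_grep`, the 10-second timeout and the 1 GiB limit are assumptions chosen for illustration; `xargs -0 -r` and `timeout` assume GNU findutils and coreutils.

```shell
# Added example. safe_grep is a hypothetical helper: safe_grep REGEX DIR
#
# The regex reaches the inner script as "$1", so it is only ever data;
# nothing the caller supplies is spliced into the text given to bash -c.
# File names travel NUL-delimited and arrive as "$@", so names containing
# spaces, quotes, newlines or $(...) are passed through untouched.
safe_grep() {
  find "$2" -type f -print0 |
    xargs -0 -r bash -c '
      # Bound memory: a hostile regex can exhaust it (1 GiB, constructed value).
      ulimit -v 1048576
      regex=$1
      shift
      # Bound run time: a hostile regex can be arbitrarily slow.
      # -e keeps a regex starting with "-" from being read as an option,
      # and -- ends option parsing before the file names.
      timeout 10 grep -E -e "$regex" -- "$@"
      # 0 = match, 1 = no match; anything higher (grep error, or 124 from
      # timeout) makes this invocation fail, which xargs then reports.
      [[ $? -le 1 ]]
    ' bash "$1"
}
```

The function returns 0 when every grep invocation matched or found nothing, and a non-zero xargs status when any invocation hit an error, the time limit or the memory limit.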