Follow-up Comment #7, bug #18554 (project findutils):

Thanks for the (pretty much) official interpretation, Geoff.

The findutils documentation would not include an example showing how to
accomplish this with "sh -c" though, because of the disastrous security
implications of passing untrusted data such as filenames to the shell.   

In fact I'd recommend that the POSIX revision you're talking about explicitly
point out that this (along with almost any other use of "find ... -exec sh -c
...") is bad security practice.

(I know privileged operations are out of scope for POSIX, but I'd guess that
a form of words can be found that preserves the useful guidance.)



    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?18554>
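
The risk raised in the comment above, as an added example that is not part of the original message or of the findutils documentation: it shows one way a file name reaches the shell as code (`{}` substituted into the `sh -c` string) beside the form that hands the name over as a positional parameter. It covers this one mechanism only. Assumptions: a find that substitutes `{}` inside a larger argument, as GNU find does; the function name, the file name and the `MARKER` file are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration; everything happens in a throwaway temp directory.
# demo_find_sh MODE  ->  prints "executed" if the file name was run as shell
#                        code, "inert" if it was treated purely as data.
demo_find_sh() {
    mode=$1
    work=$(mktemp -d) || return 2
    mkdir "$work/tree"
    # Constructed file name containing a command substitution. Its only
    # effect, if the shell ever evaluates it, is to create a file MARKER.
    : > "$work/tree/\$(touch MARKER)"
    (
        cd "$work" || exit 2
        case $mode in
            embedded)
                # find pastes the name into the script text, so sh parses
                # the name as part of the program it is asked to run.
                find tree -type f -exec sh -c 'echo {} >/dev/null' \;
                ;;
            positional)
                # The script text is a constant; the name arrives as "$1"
                # and is expanded as data, never parsed as code.
                find tree -type f -exec sh -c 'echo "$1" >/dev/null' sh {} \;
                ;;
        esac
    )
    if [ -e "$work/MARKER" ]; then
        result=executed
    else
        result=inert
    fi
    rm -rf "$work"
    echo "$result"
}

echo "embedded:   $(demo_find_sh embedded)"
echo "positional: $(demo_find_sh positional)"
```

The positional form only keeps the name out of the script text; the script itself must still quote `"$1"` and must not re-evaluate it.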
