Please don't top post. It's very annoying.
On 14:51 12 Aug 2004, Kevin Wang <rightsock@xxxxxxxxx> wrote:
| two issues - security and performance. performance was covered
| already. explicitly, xargs can be 100x or more faster.
|
| The security issue I don't remember being explicitly covered.
What security issue?
| find . -exec grep "string" {}
| what happens when you have a filename with a space in it?
| quotes?
| double quotes?
Nothing. No quoting is needed _at_all_! because the shell is not involved in
passing the filename to grep.
| xargs suffers from the same issues, that's why there's the -print0 arg
| for find and -0 arg for xargs - \0 terminated strings are guaranteed,
| as nulls are one of the only invalid filename characters.
Yes, and why I wrote my own less featured xxargs script that doesn't make the
gross design mischoice of handing commands to the shell.
But what you're talking about is not an issue with find and {}.
| sure, 99% of the time it isn't a problem, but when you're writing
| scripts that run as root that are running on a multi user system
| (think thousands of college students with too much time on their hands
| just wanting to break in and read everyone else's email)
A larger issue is that you're doing things as root without knowing how
they work.
Cheers,
--
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/
Gov't Employee-ese Meaning
"You need to prepare a total [Someone asked me a question I can't
analysis" even begin to _fake_ answering]
- Catherine Elkins <celkins@xxxxxxxxxxxxxx>
