find: Unsafe File Name Handling

 
 3.3.2.1 Unsafe File Name Handling
 .................................
 
 Because file names can contain quotes, backslashes, blank characters,
 and even newlines, it is not safe to process them using 'xargs' in its
 default mode of operation.  But since most files' names do not contain
 blanks, this problem occurs only infrequently.  If you are only
 searching through files that you know have safe names, then you need not
 be concerned about it.
 
    Error messages issued by 'find' and 'locate' quote unusual characters
 in file names in order to prevent unwanted changes in the terminal's
 state.
 
    In many applications, if 'xargs' botches processing a file because
 its name contains special characters, some data might be lost.  The
 importance of this problem depends on the importance of the data and
 whether anyone notices the loss soon enough to correct it.  However,
 here is an extreme example of the problems that using blank-delimited
 names can cause.  If the following command is run daily from 'cron',
 then any user can remove any file on the system:
 
      find / -name '#*' -atime +7 -print | xargs rm
 
    For example, you could do something like this:
 
      eg$ echo > '#
      vmunix'
 
 and then 'cron' would delete '/vmunix', if it ran 'xargs' with '/' as
 its current directory.
 
    To delete other files, for example '/u/joeuser/.plan', you could do
 this:
 
      eg$ mkdir '#
      '
      eg$ cd '#
      '
      eg$ mkdir u u/joeuser u/joeuser/.plan'
      '
      eg$ echo > u/joeuser/.plan'
      /#foo'
      eg$ cd ..
      eg$ find . -name '#*' -print | xargs echo
      ./# ./# /u/joeuser/.plan /#foo
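   The script below, added here and not part of the findutils manual,
rebuilds the newline trick above in a scratch directory and lets the same
pipeline run a real 'rm' there, beside the two forms that do not split on
blanks: 'find -print0 | xargs -0', which delimits names with NUL bytes, and
'find -exec rm {} +', which hands the names to 'rm' without serialising
them at all.  It assumes GNU 'find' and GNU 'xargs' for '-print0' and
'-0'; the scratch tree and its file names are constructed for the demo.

```sh
#!/bin/sh
# Added example, not from the findutils manual: rebuilds the newline trick
# above in a scratch directory and lets each variant run a real `rm` there,
# so the difference between blank- and NUL-delimited handling is visible.
# Assumes GNU find and GNU xargs for -print0 / -0; -exec ... {} + is POSIX.

nl='
'

# Constructed sample data: an innocent victim.txt beside a file whose name
# starts with '#' (so the cron job's -name '#*' matches it) and continues,
# after a newline, with the victim's name.
make_tree() {
  mkdir -p "$1"
  : > "$1/victim.txt"
  : > "$1/#${nl}victim.txt"
}

# How many arguments reach the consumer for a mode (unsafe, print0, exec).
# 'sh -c "echo $#" sh' stands in for rm and just reports its argument count.
arg_count() {
  case $2 in
    unsafe) ( cd "$1" && find . -name '#*' -print  | xargs    sh -c 'echo $#' sh ) ;;
    print0) ( cd "$1" && find . -name '#*' -print0 | xargs -0 sh -c 'echo $#' sh ) ;;
    exec)   ( cd "$1" && find . -name '#*' -exec sh -c 'echo $#' sh {} + ) ;;
  esac
}

# Run the cleanup in a mode, then report which of the two files survived.
# -f only silences rm's complaint about the nonexistent './#' that the
# blank-delimited split produces; existing files are removed as with plain rm.
run_cleanup() {
  case $2 in
    unsafe) ( cd "$1" && find . -name '#*' -print  | xargs    rm -f ) ;;
    print0) ( cd "$1" && find . -name '#*' -print0 | xargs -0 rm -f ) ;;
    exec)   ( cd "$1" && find . -name '#*' -exec rm -f {} + ) ;;
  esac
  if [ -e "$1/victim.txt" ]; then s='victim:kept'; else s='victim:gone'; fi
  if [ -e "$1/#${nl}victim.txt" ]; then s="$s marker:kept"; else s="$s marker:gone"; fi
  echo "$s"
}

# Demonstration: unsafe deletes victim.txt and leaves the '#' file untouched;
# the other two remove only the file that actually matched.
for mode in unsafe print0 exec; do
  d=$(mktemp -d) && make_tree "$d"
  printf '%-7s args=%s  %s\n' "$mode" "$(arg_count "$d" "$mode")" "$(run_cleanup "$d" "$mode")"
  rm -rf "$d"
done
```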