Bug 449194 - "find -- Finding Files" improvements
Summary: "find -- Finding Files" improvements
Status: RESOLVED FIXED
Alias: None
Product: Documentation
Classification: Unclassified
Component: Devmanual (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Devmanual Team
URL: http://devmanual.gentoo.org/tools-ref...
Whiteboard:
Keywords:
: 449196 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-12-29 15:14 UTC by Julian Ospald
Modified: 2013-01-19 11:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
text.xml.diff (text.xml.diff,5.32 KB, patch)
2012-12-29 19:38 UTC, Julian Ospald

Description Julian Ospald 2012-12-29 15:14:16 UTC
as per the manpage and gnu manual https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security-Considerations-for-find "-exec" should be avoided, especially because of race conditions

"-execdir" is considered more secure

the devmanual should warn about this
Comment 1 Ulrich Müller gentoo-dev 2012-12-29 15:28:58 UTC
> as per the manpage and gnu manual
> https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security-Considerations-for-find
> "-exec" should be avoided, especially because of race conditions

In ebuild context, directories typically aren't writeable by random users. (If they are, you have a problem anyway.) So unless I'm missing something, this should not be an issue.

> "-execdir" is considered more secure

But much less portable. GNU find cannot be assumed for EAPIs 0 to 4.
Comment 2 Julian Ospald 2012-12-29 15:55:08 UTC
(In reply to comment #1)
> > as per the manpage and gnu manual
> > https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security-Considerations-for-find
> > "-exec" should be avoided, especially because of race conditions
> 
> In ebuild context, directories typically aren't writeable by random users.
> (If they are, you have a problem anyway.) So unless I'm missing something,
> this should not be an issue.

We use find also in wrapper scripts. It should at least be updated with regard to non-ebuild usage.

> 
> > "-execdir" is considered more secure
> 
> But much less portable. GNU find cannot be assumed for EAPIs 0 to 4.

from reading the manpage it's at least available in BSD too
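
The trade-off discussed in comments 1 and 2, as an added example that is not part of the bug thread or the attached patch: a POSIX sh helper that uses -execdir where the local find implements it and falls back to -exec elsewhere. The names SAFE_PATH, find_exec_mode, run_on_files and demo are hypothetical, and the tree built in demo is constructed.

```shell
#!/bin/sh
# Added illustration; names and the sample tree in demo() are constructed.

SAFE_PATH=/usr/bin:/bin   # absolute entries only; GNU find rejects -execdir
                          # when PATH contains "." or a relative directory

# Print "execdir" if this find implements -execdir, else "exec".
# -execdir exists in GNU and BSD find but is not required by POSIX.
find_exec_mode() {
    probe=$(mktemp -d) || return 1
    : > "$probe/f"
    if PATH=$SAFE_PATH find "$probe" -type f -execdir true {} \; 2>/dev/null
    then echo execdir
    else echo exec
    fi
    rm -rf "$probe"
}

# run_on_files ROOT CMD [ARGS...]: run CMD on every regular file under ROOT.
# Names reach CMD as arguments, never through a shell, so spaces are safe.
run_on_files() {
    root=$1; shift
    case $(find_exec_mode) in
    execdir)
        # CMD runs inside each file's directory and receives ./name, so the
        # leading path is not resolved a second time after find matched it.
        PATH=$SAFE_PATH find "$root" -type f -execdir "$@" {} \; ;;
    *)
        # Portable form for a POSIX-only find; acceptable only when no
        # untrusted user can write below ROOT (the ebuild case in comment 1).
        PATH=$SAFE_PATH find "$root" -type f -exec "$@" {} + ;;
    esac
}

# Constructed demo: clear group/other write bits in a throwaway tree and
# print how many files are still world-writable afterwards.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sub dir"
    : > "$t/a.txt"; : > "$t/sub dir/b c.txt"
    chmod 666 "$t/a.txt" "$t/sub dir/b c.txt"
    run_on_files "$t" chmod go-w
    find "$t" -type f -perm -002 | wc -l | tr -d ' '
    rm -rf "$t"
}
```
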
Comment 3 Julian Ospald 2012-12-29 19:31:30 UTC
*** Bug 449196 has been marked as a duplicate of this bug. ***
Comment 4 Julian Ospald 2012-12-29 19:38:18 UTC
Created attachment 333702 [details, diff]
text.xml.diff

other improvements:
- while loop
- more examples
- more detailed table
- show POSIX compliance in table
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2013-01-14 20:13:51 UTC
(In reply to comment #4)
> Created attachment 333702 [details, diff]
> text.xml.diff
> 
> other improvements:
> - while loop
> - more examples
> - more detailed table
> - show POSIX compliance in table

looks good to me
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2013-01-19 10:15:21 UTC
Please commit it or attach a git formatted patch so I can commit it for you
Comment 7 Julian Ospald 2013-01-19 11:13:54 UTC
fixed in 1752d89466e1f0be790b3a82f9a61bab2d1497c5