as per the manpage and gnu manual https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security-Considerations-for-find "-exec" should be avoided, especially because of race conditions "-execdir" is considered more secure the devmanual should warn about this
> as per the manpage and gnu manual > https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security- > Considerations-for-find "-exec" should be avoided, especially because of > race conditions In ebuild context, directories typically aren't writeable by random users. (If they are, you have a problem anyway.) So unless I'm missing something, this should not be an issue. > "-execdir" is considered more secure But much less portable. GNU find cannot be assumed for EAPIs 0 to 4.
(In reply to comment #1) > > as per the manpage and gnu manual > > https://www.gnu.org/software/findutils/manual/html_mono/find.html#Security- > > Considerations-for-find "-exec" should be avoided, especially because of > > race conditions > > In ebuild context, directories typically aren't writeable by random users. > (If they are, you have a problem anyway.) So unless I'm missing something, > this should not be an issue. We use find also in wrapper scripts. It should at least be updated to regards of non-ebuild usage. > > > "-execdir" is considered more secure > > But much less portable. GNU find cannot be assumed for EAPIs 0 to 4. from reading the manpage it's at least available in BSD too
*** Bug 449196 has been marked as a duplicate of this bug. ***
Created attachment 333702 [details, diff] text.xml.diff other improvements: - while loop - more examples - more detailed table - show POSIX compliance in table
(In reply to comment #4) > Created attachment 333702 [details, diff] [details, diff] > text.xml.diff > > other improvements: > - while loop > - more examples > - more detailed table > - show POSIX compliance in table looks good to me
Please commit it or attach a git formatted patch so I can commit it for you
fixed in 1752d89466e1f0be790b3a82f9a61bab2d1497c5