Bug 85053 - 'find ... -print | xargs rm -rf' versus 'find ... -print0 | xargs -0 rm -rf'
Summary: 'find ... -print | xargs rm -rf' versus 'find ... -print0 | xargs -0 rm -rf'
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Development
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Quality Assurance Team
Reported: 2005-03-13 01:48 UTC by Toralf Förster
Modified: 2007-02-14 11:56 UTC

Attachments
all affected ebuilds (find.txt, 5.73 KB, text/plain)
2005-03-13 06:39 UTC, Toralf Förster
better grep of affected ebuilds (find.txt, 7.88 KB, text/plain)
2005-03-13 06:44 UTC, Toralf Förster
all ebuilds with 'find ... | xargs ... chmod ...' lines (find.txt, 4.89 KB, text/plain)
2005-03-13 06:50 UTC, Toralf Förster
output of the command below (find.txt, 2.68 KB, text/plain)
2005-11-19 08:51 UTC, Toralf Förster
output of the command seen below (find.txt, 3.36 KB, text/plain)
2006-01-26 05:16 UTC, Toralf Förster

Description Toralf Förster gentoo-dev 2005-03-13 01:48:15 UTC
There are currently 88 ebuilds using 'find' together with 'xargs' in a vulnerable manner. Instead of using
$>find . -type d -name 'CVS' -print | xargs rm -rf
it is recommended to use
$>find . -type d -name 'CVS' -print0 | xargs -0 rm -rf
to prevent issues with uncommon file names.


Reproducible: Always
Steps to Reproduce:
1. cd /usr/portage
2. find . -type f -name '*.ebuild' -exec grep -H find {} \; | grep xargs | grep rm | grep -v print0
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-03-13 03:25:52 UTC
please include a list of the problem ebuilds.
Comment 2 Toralf Förster gentoo-dev 2005-03-13 06:39:19 UTC
Created attachment 53331 [details]
all affected ebuilds

all ebuilds, command was
$>find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 grep xargs |
grep rm | grep -v print0 | cut -f1 -d' ' > find.txt
Comment 3 Toralf Förster gentoo-dev 2005-03-13 06:44:42 UTC
Created attachment 53333 [details]
better grep of affected ebuilds

find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.* rm" | grep -v print0 > find.txt
Comment 4 Toralf Förster gentoo-dev 2005-03-13 06:50:36 UTC
Created attachment 53335 [details]
all ebuilds with 'find ... | xargs ... chmod ...' lines

used command:
$>find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf' > find.txt
Comment 5 SpanKY gentoo-dev 2005-03-14 06:18:39 UTC
really packages should only use 'rm -rf' if they know for sure 'rm -r' won't work ...
Comment 6 Gioele Barabucci 2005-07-18 15:51:59 UTC
Why don't you use '-exec command {} \;' instead of xargs?  
Like in "find . -iname 'foobar' -exec the_command {} \;" 
Comment 7 SpanKY gentoo-dev 2005-07-18 19:51:15 UTC
because that'll run chmod a lot more than if you use xargs
Comment 8 Toralf Förster gentoo-dev 2005-11-19 08:51:29 UTC
Created attachment 73183 [details]
output of the command below

currently 15 ebuilds found with the command 
$> find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf' > find.txt
Comment 9 Toralf Förster gentoo-dev 2006-01-26 05:16:35 UTC
Created attachment 78155 [details]
output of the command seen below

find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf'
Comment 10 Toralf Förster gentoo-dev 2007-02-14 11:56:48 UTC
close this bug, should be included in a general guideline of writing ebuilds
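
The difference the report describes, reproduced in a throwaway directory. This is an added example, not part of the bug thread or of any ebuild; the function names and the constructed tree layout are assumptions. It goes beyond the thread by also showing 'find ... -exec ... {} +', which batches arguments the way xargs does, unlike the '-exec ... {} \;' form discussed in comments 6 and 7.

```shell
#!/bin/sh
# Constructed sandbox: a CVS directory under a name containing a space,
# next to a directory ("my") that matches the first word of that name.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/my project/CVS" "$root/my/src" "$root/plain/CVS"
    : > "$root/my/src/keep.c"
    echo "$root"
}

# List which of the three interesting paths still exist under $1.
survivors() {
    out=""
    if [ -e "$1/my/src/keep.c" ]; then out="$out keep.c"; fi
    if [ -d "$1/my project/CVS" ]; then out="$out spaced-CVS"; fi
    if [ -d "$1/plain/CVS" ]; then out="$out plain-CVS"; fi
    echo "${out# }"
}

# Pattern from the report: xargs splits each line on blanks, so
# "./my project/CVS" becomes the two arguments "./my" and "project/CVS".
clean_print() {
    (cd "$1" && find . -type d -name CVS -print | xargs rm -rf)
}

# Recommended pattern: names are NUL-terminated and passed through intact.
clean_print0() {
    (cd "$1" && find . -type d -name CVS -print0 | xargs -0 rm -rf)
}

# Beyond the thread: "-exec ... {} +" batches arguments without a pipe.
clean_exec_plus() {
    (cd "$1" && find . -type d -name CVS -exec rm -rf {} +)
}

# Build a fresh tree, run cleanup function $1 on it, print the survivors.
run_case() {
    t=$(make_tree) || return 1
    "$1" "$t" 2>/dev/null || :
    survivors "$t"
    rm -rf "$t"
}

for f in clean_print clean_print0 clean_exec_plus; do
    printf '%-16s leaves: %s\n' "$f" "$(run_case "$f")"
done
```

With the '-print' form the unrelated directory 'my' is deleted and the CVS directory under 'my project' is left behind; the other two forms remove only the CVS directories.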