There are currently 88 ebuilds using 'find' together with 'xargs' in a vulnerable manner. Instead of using

$>find . -type d -name 'CVS' -print | xargs rm -rf

it is recommended to use

$>find . -type d -name 'CVS' -print0 | xargs -0 rm -rf

to prevent issues with uncommon file names.

Reproducible: Always

Steps to Reproduce:
1. cd /usr/portage
2. find . -type f -name '*.ebuild' -exec grep -H find {} \; | grep xargs | grep rm | grep -v print0
3.
please include a list of the problem ebuilds.
Created attachment 53331 [details]
all affected ebuilds

all ebuilds, command was:
$>find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 grep xargs | grep rm | grep -v print0 | cut -f1 -d' ' > find.txt
Created attachment 53333 [details]
better grep of affected ebuilds

find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.* rm" | grep -v print0 > find.txt
Created attachment 53335 [details]
all ebuilds with 'find ... | xargs ... chmod ...' lines

used command:
$>find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf' > find.txt
really packages should only use 'rm -rf' if they know for sure 'rm -r' won't work ...
Why don't you use '-exec command {} \;' instead of xargs? Like in "find . -iname 'foobar' -exec the_command {} \;"
because that'll run chmod a lot more than if you use xargs
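The following script is an added example, not part of the bug thread or of any ebuild. It builds a small constructed directory tree (no Portage paths are touched) and runs three cleanup styles over it: the form the report objects to, the '-print0 | xargs -0' form it recommends, and the '-exec rm -rf {} +' form, which batches arguments like xargs instead of forking once per match as the '-exec ... {} \;' form in the comment above does. The interesting failure is not just that a CVS directory under a name with a space survives, but that the whitespace-split argument "./keep" deletes an unrelated directory.

```shell
#!/bin/sh
# Constructed sample tree (assumption: names chosen only to show the failure).
# Layout:
#   src/CVS            -- ordinary CVS dir, removed by every form
#   keep me/CVS        -- CVS dir under a directory name containing a space
#   keep/important.txt -- unrelated directory whose name is a prefix of "keep me"
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/src/CVS" "$root/keep me/CVS" "$root/keep"
    echo data > "$root/keep/important.txt"
    printf '%s\n' "$root"
}

# Run one cleanup style in a fresh tree and report what is left as
# "<number of CVS dirs remaining> <keep-intact|keep-destroyed>".
run_cleanup() {
    style=$1
    root=$(make_tree)
    case $style in
        unsafe)
            # The form the bug report objects to: find prints one name per line,
            # but xargs re-splits on any whitespace, so "./keep me/CVS" becomes
            # the two arguments "./keep" and "me/CVS". rm -rf then removes the
            # unrelated "keep" directory and silently ignores the missing "me/CVS".
            ( cd "$root" && find . -type d -name CVS -print | xargs rm -rf 2>/dev/null )
            ;;
        print0)
            # Recommended form: NUL-terminated names, consumed with xargs -0,
            # so a name may contain spaces or even newlines.
            ( cd "$root" && find . -type d -name CVS -print0 | xargs -0 rm -rf )
            ;;
        exec_plus)
            # POSIX alternative without xargs: find itself passes as many names
            # as fit into one rm invocation, unlike '{} \;' which runs rm per match.
            ( cd "$root" && find . -type d -name CVS -exec rm -rf {} + )
            ;;
    esac
    left=$(find "$root" -type d -name CVS | wc -l | tr -d ' ')
    if [ -f "$root/keep/important.txt" ]; then
        state=keep-intact
    else
        state=keep-destroyed
    fi
    rm -rf "$root"
    echo "$left $state"
}

# Usage: each line prints "<remaining CVS dirs> <state of the keep/ directory>".
for s in unsafe print0 exec_plus; do
    printf '%-10s %s\n' "$s" "$(run_cleanup "$s")"
done
```

The two safe forms give the same result; '-print0 | xargs -0' needs a find and xargs that support those options (GNU and the BSDs do), while '-exec ... {} +' is specified by POSIX and works on any conforming find.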
Created attachment 73183 [details]
output of the command below

currently 15 ebuilds found with the command:
$> find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf' > find.txt
Created attachment 78155 [details]
output of the command seen below

find /usr/portage/ -type f -name '*.ebuild' -print0 | xargs -0 egrep "find.*xargs.*chmod" | grep -v -e print0 -e 'rm -rf'
close this bug; this should be included in a general guideline for writing ebuilds