3.3.2.1 Unsafe File Name Handling

Because file names can contain quotes, backslashes, blank characters, and even newlines, it is not safe to process them using xargs in its default mode of operation. But since most files’ names do not contain blanks, this problem occurs only infrequently. If you are only searching through files that you know have safe names, then you need not be concerned about it.

Error messages issued by find and locate quote unusual characters in file names in order to prevent unwanted changes in the terminal’s state.

In many applications, if xargs botches processing a file because its name contains special characters, some data might be lost. The importance of this problem depends on the importance of the data and whether anyone notices the loss soon enough to correct it. However, here is an extreme example of the problems that using blank-delimited names can cause. If the following command is run daily from cron, then any user can remove any file on the system:

find / -name '#*' -atime +7 -print | xargs rm

For example, you could do something like this:

eg$ echo > '#
vmunix'

and then cron would delete /vmunix, if it ran xargs with / as its current directory.

To delete other files, for example /u/joeuser/.plan, you could do this:

eg$ mkdir '#
'
eg$ cd '#
'
eg$ mkdir u u/joeuser u/joeuser/.plan'
'
eg$ echo > u/joeuser/.plan'
/#foo'
eg$ cd ..
eg$ find . -name '#*' -print | xargs echo
./# ./# /u/joeuser/.plan /#foo