There are some security risks inherent in the use of
xargs and (to a lesser extent)
locate. The severity of
these risks depends on what sort of system you are using:
Multi-user systems where you do not control (or trust) the other
users, and on which you execute
find, including areas where
those other users can manipulate the filesystem (for example beneath
/home or /tmp).
Systems where the actions of other users can create file names chosen
by them, but to which they don’t have access while
being run. This access might include leaving programs running (shell
cron tasks, for example). On
these sorts of systems, carefully written commands (avoiding use of
‘-print’ for example) should not expose you to a high degree of
risk. Most systems fall into this category.
Systems to which untrusted parties do not have access, cannot create file names of their own choice (even remotely) and which contain no security flaws which might enable an untrusted third party to gain access. Most systems do not fall into this category because there are many ways in which external parties can affect the names of files that are created on your system. The system on which I am writing this for example automatically downloads software updates from the Internet; the names of the files in which these updates exist are chosen by third parties2.
In the discussion above, “risk” denotes the likelihood that someone
locate or some other
program which is controlled by them to do something you did not
intend. The levels of risk suggested do not take any account of the
consequences of this sort of event. That is, if you operate a “low
risk” type system, but the consequences of a security problem are
disastrous, then you should still give serious thought to all the
possible security problems, many of which of course will not be
discussed here – this section of the manual is intended to be
informative but not comprehensive or exhaustive.
If you are responsible for the operation of a system where the consequences of a security problem could be very important, you should do two things:
Of course, I trust these parties to a large extent anyway, because I install software provided by them; I choose to trust them in this way, and that’s a deliberate choice