5

I think what I'm talking about is this part of the manpage, which is just barely too indecipherable for me:

   -delete
      ... It will not attempt to delete a filename with a ``/'' character in its
      pathname relative to ``.'' for security reasons...

Specifically, what I'm trying to do is $ find . -name '.svn' -type d -delete. I realize I can use -exec for this instead, but find appears to work without issue for other names, including deep in directories (that obviously contain many / characters in their pathnames).

Perhaps it's ignoring dotfiles instead and the documentation is wrong?

NReilingh
  • 5,883

1 Answer

4

The "security reason" is that between the time that find is enumerating the files and deleting them, it may be possible for an attacker to modify one component of a file's path such that it becomes a symlink to an unexpected directory, resulting in your deleting a file of the same name from an unexpected directory. For example, you could end up deleting /etc/passwd rather than /tmp/foo/passwd if the attacker can change foo to be a symlink pointing to /etc.

Section 9.1.5 ("A more secure version of -exec") of the GNU find documentation discusses this problem in more detail.

jjlin
  • 16,120
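The question mentions -exec as the alternative to -delete. As an added example (not code from the question or the answer above), the shell script below removes every .svn directory under a root with -prune -exec rm -rf {} +: -prune stops find from descending into a matched .svn tree, so each one is removed exactly once, and {} + batches the paths. The fixture tree it builds is constructed for the demonstration only. Note that this only sidesteps the -delete restriction; rm -rf on a pathname is still exposed to the path-component race the answer describes, which is why the GNU find documentation section cited above is worth reading.

```shell
#!/bin/sh
# Added example: remove .svn directories with -prune -exec instead of -delete.
# Everything here is constructed for the demonstration; no real working copy
# is touched.

# Build a throwaway working-copy-like tree and print its root path.
# Layout (constructed): .svn/ at the root and src/.svn/, plus one source file.
make_fixture() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/.svn/pristine" "$root/src/.svn/tmp" "$root/src/lib"
  printf 'meta\n' > "$root/.svn/entries"
  printf 'meta\n' > "$root/src/.svn/entries"
  printf 'int x;\n' > "$root/src/lib/a.c"
  printf '%s\n' "$root"
}

# Count .svn directories anywhere under $1.
count_svn_dirs() {
  find "$1" -type d -name .svn | wc -l | tr -d ' '
}

# Count regular files under $1 that are not inside a .svn directory.
# -prune on the .svn match keeps find out of those subtrees.
count_other_files() {
  find "$1" -type d -name .svn -prune -o -type f -print | wc -l | tr -d ' '
}

# Remove every .svn directory (with its contents) under $1.
# -prune: do not descend into the directory we are about to delete.
# -exec ... {} +: hand rm a batch of matched paths rather than one per call.
remove_svn_dirs() {
  find "$1" -type d -name .svn -prune -exec rm -rf {} +
}

# Stand-alone demonstration when the script is run directly.
demo() {
  root=$(make_fixture) || return 1
  echo "before: $(count_svn_dirs "$root") .svn dirs, $(count_other_files "$root") other files"
  remove_svn_dirs "$root"
  echo "after:  $(count_svn_dirs "$root") .svn dirs, $(count_other_files "$root") other files"
  rm -rf "$root"
}

# Uncomment to run the demonstration:
# demo
```

The -prune is what makes this safe to combine with rm -rf: without it, find would continue walking into a .svn directory that an earlier batch may already have removed, producing "No such file or directory" noise or, with -depth, attempting to delete children after their parent.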