changing directory permissions recursively

Uwe Doering gemini at
Fri Apr 9 02:20:47 PDT 2004

Cory Petkovsek wrote:
> On Fri, Apr 09, 2004 at 08:47:07AM +0200, Uwe Doering wrote:
>>>cd $topdir
>>>find . -type d | xargs chmod 755
>>In case (potentially) untrusted users have had write permission in this 
>>directory tree in the past, a safer alternative would be
>>  find /path/to/tree/root -type d -print0 | xargs -0 chmod 755
> Please explain the "safer" difference in your eyes, Uwe.  Are you thinking the
> admin might have ./ in their path?

No, but specially crafted file names can contain spaces and newlines. 
Since xargs(1) by default considers whitespace to be argument separators 
users can easily inject absolute paths to files somewhere else in the 
filesystem and wreak havoc this way.  They just have to wait until 
'root' traverses over their files with 'find' and 'xargs'.

The '0' options for find(1) and xargs(1) have been introduced to counter 
these attacks.

Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at  |

More information about the freebsd-questions mailing list