Previous: Race Conditions with -exec, Up: Security Considerations for find
The ‘-print’ and ‘-print0’ actions can be used to produce a
list of files matching some criteria, which can then be used with some
other command, perhaps with xargs. Unfortunately, this means
that there is an unavoidable time gap between find deciding
that one or more files meet its criteria and the relevant command
being executed. For this reason, the ‘-print’ and ‘-print0’
actions are just as insecure as ‘-exec’.
In fact, since the construction
find ... -print | xargs ...
does not cope correctly with newlines or other “white space” in file names, and copes poorly with file names containing quotes, the ‘-print’ action is less secure even than ‘-print0’.