Subject: Re: File names and security...
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 06/12/1997 08:19:37
> If 'xargs' is currently so broken that it runs the command thru
> 'sh -c' first or something, then we deserve to be bitten by this.

No, it doesn't; but you've misunderstood the problem.

> ...which means that "rm" gets called with, say "foo; chmod 666 /etc/passwd"
> or "foo\nchmod 666 /etc/passwd" (s/passwd/master.&/g) which would
> properly produce [an error]

The problem isn't embedding commands.  The problem is, if someone has
(say) a file /tmp/foo\n/etc/master.passwd (which is trivial to create,
if that oddly-named directory doesn't already exist), and root runs

# find /tmp/. -.... -print | xargs rm

then xargs will take the \n in the filename as an argument-separating
newline and cheerfully nuke /etc/master.passwd.

Of course, making it

# find /tmp/. -.... -print0 | xargs -0 rm

will cure this...but those are nonstandard.  (I have never been able to
figure out what POSIX xargs is supposed to be good for; it not only has
this problem but also does a lot more parsing on its input, making it
essentially useless for the stuff it normally gets used for.  A
_useful_ xargs is so trivial to write that I see no excuse for not
always having one on hand.  (I will happily mail mine to anyone who
mails me privately asking for it.))

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
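
Added example, not part of the original message and not der Mouse's own xargs: a sandboxed reproduction of the argument split described above, next to two forms that keep the path intact. The function names and the mktemp sandbox are assumptions made for illustration, a harmless argument counter stands in for rm, the find and xargs in use are assumed to support -print0 and -0, and the find -exec ... {} + form goes beyond what the message mentions.

```shell
#!/bin/sh
# Constructed sandbox: everything lives under a fresh mktemp directory.
nl='
'

# Create one file whose path contains a newline, mirroring the message's
# /tmp/foo\n/etc/master.passwd, and print the sandbox root.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/foo${nl}/etc" && : > "$sb/foo${nl}/etc/master.passwd"
    printf '%s\n' "$sb"
}

# Harmless stand-in for rm: report how many arguments the command received.
count='echo "$#"'

# Newline-delimited: xargs splits the single path at the embedded newline,
# so the command sees two arguments, the second being an absolute path.
args_newline()       { find "$1/." -type f -print | xargs sh -c "$count" sh; }
second_arg_newline() { find "$1/." -type f -print | xargs sh -c 'echo "$2"' sh; }

# NUL-delimited: the path arrives as one argument, newline included.
args_nul()  { find "$1/." -type f -print0 | xargs -0 sh -c "$count" sh; }

# No pipe at all: find hands the paths to the command itself.
args_exec() { find "$1/." -type f -exec sh -c "$count" sh {} +; }

demo() {
    d=$(make_sandbox) || return 1
    echo "-print  | xargs    : $(args_newline "$d") args, 2nd = $(second_arg_newline "$d")"
    echo "-print0 | xargs -0 : $(args_nul "$d") arg"
    echo "-exec ... {} +     : $(args_exec "$d") arg"
    rm -rf "$d"
}
demo
```
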