@@ 55,7 55,13 @@ def enumerate_backups(config):
 
     logging.info("enumerating backups on remote host...")
 
-    command = [ "find", config['destination_path'], "-type", "d", "-iname", "'_rtm_*'"]
+    # XXX: there are two ways that this might break in the future:
+    #
+    # * ls -1 is not safe against adversarial inputs, as it is not
+    #   null-delimited
+    #
+    # * this will break if config['destination_path'] is not a POSIX-style path
+    command = [ "ls", "-1", "-d", config['destination_path'] + "/_rtm_*" ]
     backups = run_ssh_command(config, command)
 
     complete = []