find: Further Reading on Security

11.6 Further Reading on Security
================================

While there are a number of books on computer security, there are also
useful articles on the web that touch on the issues described above:

<http://goo.gl/DAvh>
     This article describes some of the unfortunate effects of allowing
     free choice of file names.
<http://cwe.mitre.org/data/definitions/78.html>
     Describes OS Command Injection.
<https://cwe.mitre.org/data/definitions/73.html>
     Describes problems arising from allowing remote computers to send
     requests which specify file names of their choice.
<http://cwe.mitre.org/data/definitions/116.html>
     Describes problems relating to encoding file names and escaping
     characters.  This article is relevant to findutils because for
     command lines processed via the shell, the encoding and escaping
     rules are already set by the shell.  For example, command lines like
     'find ... -print | some-shell-script' require specific care.
<http://xkcd.com/327/>
     A humorous and pithy summary of the broader problem.

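The care needed with 'find ... -print | some-shell-script' can be seen in the following added example, which is not part of the findutils manual. It assumes a find that supports -print0 (GNU findutils does); the function names and the scratch directory are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo: two real files, one of whose names contains a newline.
# A consumer that reads 'find -print' line by line sees three records.

make_demo_dir() {
    d=$(mktemp -d) || return 1
    name=$(printf 'two\nlines.txt')      # file name with an embedded newline
    : > "$d/report.txt"
    : > "$d/$name"
    printf '%s\n' "$d"
}

# Newline-delimited output, parsed the way a naive shell script would.
count_print() {
    find "$1" -type f -print | {
        n=0
        while IFS= read -r line; do n=$((n + 1)); done
        echo "$n"
    }
}

# NUL-delimited output: NUL cannot occur in a file name, so one NUL per file.
count_print0() {
    echo $(( $(find "$1" -type f -print0 | tr -cd '\000' | wc -c) ))
}

# No pipe at all: find passes each name as one argument to the child shell.
count_exec() {
    find "$1" -type f -exec sh -c 'echo "$#"' sh {} +
}

demo=$(make_demo_dir) || exit 1
printf 'files on disk:              2\n'
printf 'records seen via -print:    %s\n' "$(count_print "$demo")"
printf 'records seen via -print0:   %s\n' "$(count_print0 "$demo")"
printf 'arguments seen via -exec +: %s\n' "$(count_exec "$demo")"
rm -rf "$demo"
```

A script that must consume find output through a pipe should read the -print0 form (for example with 'xargs -0'), or avoid the pipe by using -exec.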