find: Further Reading on Security

11.6 Further Reading on Security
================================

While there are a number of books on computer security, there are also
useful articles on the web that touch on the issues described above:

<http://goo.gl/DAvh>
     This article describes some of the unfortunate effects of allowing
     free choice of file names.
<http://cwe.mitre.org/data/definitions/78.html>
     Describes OS Command Injection.
<https://cwe.mitre.org/data/definitions/73.html>
     Describes problems arising from allowing remote computers to send
     requests which specify file names of their choice.
<http://cwe.mitre.org/data/definitions/116.html>
     Describes problems relating to encoding file names and escaping
     characters.  This article is relevant to findutils because for
     command lines processed via the shell, the encoding and escaping
     rules are already set by the shell.  For example command lines like
     'find ... -print | some-shell-script' require specific care.
<http://xkcd.com/327/>
     A humorous and pithy summary of the broader problem.