Info Catalog find: Security Summary find: Security Considerations

find: Further Reading on Security

 
 11.6 Further Reading on Security
 ================================
 
 While there are a number of books on computer security, there are also
 useful articles on the web that touch on the issues described above:
 
 <https://goo.gl/DAvh>
      This article describes some of the unfortunate effects of allowing
      free choice of file names.
 <https://cwe.mitre.org/data/definitions/78.html>
      Describes OS Command Injection
 <https://cwe.mitre.org/data/definitions/73.html>
      Describes problems arising from allowing remote computers to send
      requests which specify file names of their choice
 <https://cwe.mitre.org/data/definitions/116.html>
      Describes problems relating to encoding file names and escaping
      characters.  This article is relevant to findutils because for
      command lines processed via the shell, the encoding and escaping
      rules are already set by the shell.  For example command lines like
      'find ... -print | some-shell-script' require specific care.
 <https://xkcd.com/327/>
      A humorous and pithy summary of the broader problem.
 

Info Catalog find: Security Summary find: Security Considerations