

11.6 Further Reading on Security

While there are a number of books on computer security, there are also useful articles on the web that touch on the issues described above:

http://goo.gl/DAvh
This article describes some of the unfortunate effects of allowing free choice of file names.
http://cwe.mitre.org/data/definitions/78.html
Describes OS Command Injection.
https://cwe.mitre.org/data/definitions/73.html
Describes problems arising from allowing remote computers to send requests which specify file names of their choice.
http://cwe.mitre.org/data/definitions/116.html
Describes problems relating to encoding file names and escaping characters. This article is relevant to findutils because for command lines processed via the shell, the encoding and escaping rules are already set by the shell. For example, command lines like find ... -print | some-shell-script require specific care.
http://xkcd.com/327/
A humorous and pithy summary of the broader problem.
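
The care needed for find ... -print | some-shell-script, mentioned under the CWE-116 entry above, is shown in the following added example (not part of the findutils manual). The function names and the scratch directory with its two file names are constructed for the demonstration. A line-oriented consumer receives records that name no file find matched, while a NUL-delimited pipeline through xargs -0 delivers each name intact.

```shell
#!/bin/sh
# Added example. Directory and file names are constructed for the demo.

# Build a scratch directory holding one ordinary name and one name that
# contains an embedded newline (legal in a POSIX file name).
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/plain.txt"
    : > "$d/$(printf 'notes-a\nnotes-b.txt')"
    printf '%s\n' "$d"
}

# Line-oriented consumer: reads one record per line from -print and counts
# the records that do not name an existing file.
unmatched_records_newline() {
    find "$1" -type f -print | {
        n=0
        while IFS= read -r f; do
            [ -e "$f" ] || n=$((n + 1))
        done
        echo "$n"
    }
}

# NUL-delimited consumer: -print0 and xargs -0 hand each file name to the
# inner shell as one argument, whatever characters it contains.
unmatched_records_nul() {
    find "$1" -type f -print0 | xargs -0 sh -c '
        n=0
        for f in "$@"; do
            [ -e "$f" ] || n=$((n + 1))
        done
        echo "$n"' sh
}

demo=$(make_demo_dir)
echo "-print  | read     : $(unmatched_records_newline "$demo") records name no real file"
echo "-print0 | xargs -0 : $(unmatched_records_nul "$demo") records name no real file"
rm -rf "$demo"
```

With -print, the name containing a newline arrives as two records, neither of which is a path that find matched, so a script acting on them operates on names it was never given.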