Diffstat (limited to 'docs/SECURITY.md')
-rw-r--r-- | docs/SECURITY.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/SECURITY.md b/docs/SECURITY.md index f26efc5..dd3277a 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -16,7 +16,7 @@ Anyone with enough control over the command line of `bfs` or any `find`-compatib > It is *always* unsafe to allow *any* other part of the command line to be affected by untrusted input. > Use the `-f` flag, or `-files0-from`, to ensure that the input is interpreted as a path. -This still has security implications, incuding: +This still has security implications, including: - **Information disclosure:** an attacker may learn whether particular files exist by observing `bfs`'s output, exit status, or even side channels like execution time. - **Denial of service:** large directory trees or slow/network storage may cause `bfs` to consume excessive system resources. @@ -116,7 +116,7 @@ Supported versions `bfs` comes with [no warranty](/LICENSE), and is maintained by [me](https://tavianator.com/) and [other volunteers](https://github.com/tavianator/bfs/graphs/contributors) in our spare time. In that sense, there are no *supported* versions. However, as long as I maintain `bfs` I will attempt to address any security issues swiftly. -In general, security fixes will we part of the latest release, though for significant issues I may backport fixes to older release series. +In general, security fixes will be part of the latest release, though for significant issues I may backport fixes to older release series. Reporting a vulnerability |
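Review bot: In the first hunk (@@ -16,7 +16,7 @@), the corrected sentence "This still has security implications, including:" opens with a bare "This" whose referent sits in the blockquote above it, so a reader who lands on the list cannot tell which usage is being qualified. While this line is being touched, consider naming the subject, for example "Passing untrusted paths with `-f` or `-files0-from` still has security implications, including:". The spelling fix itself is correct.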
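Review bot: In the second hunk (@@ -116,7 +116,7 @@), the corrected sentence offers backports "for significant issues" without saying what counts as significant or which older release series are candidates, and the context lines just above state that there are no *supported* versions. Consider adding one sentence that tells users of older releases how to learn whether a fix was backported, or that they should move to the latest release. The "we" to "be" correction is right.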