<HTML
><HEAD
><TITLE
>Conclusion</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Secure Programming for Linux and Unix HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Miscellaneous"
HREF="miscellaneous.html"><LINK
REL="NEXT"
TITLE="Bibliography"
HREF="bibliography.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Secure Programming for Linux and Unix HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="miscellaneous.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="bibliography.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="CONCLUSION"
></A
>Chapter 12. Conclusion</H1
><TABLE
BORDER="0"
WIDTH="100%"
CELLSPACING="0"
CELLPADDING="0"
CLASS="EPIGRAPH"
><TR
><TD
WIDTH="45%"
> </TD
><TD
WIDTH="45%"
ALIGN="LEFT"
VALIGN="TOP"
><I
><P
><I
>The end of a matter is better than its beginning, and
patience is better than pride.</I
></P
></I
></TD
></TR
><TR
><TD
WIDTH="45%"
> </TD
><TD
WIDTH="45%"
ALIGN="RIGHT"
VALIGN="TOP"
><I
><SPAN
CLASS="ATTRIBUTION"
>Ecclesiastes 7:8 (NIV)</SPAN
></I
></TD
></TR
></TABLE
><P
>Designing and implementing a truly secure program
is actually a difficult task on Unix-like systems such as Linux and Unix.
The difficulty is that a truly secure program must respond
appropriately to all possible inputs and environments
controlled by a potentially hostile user.
Developers of secure programs must deeply understand their platform,
seek and use guidelines (such as these), and then use assurance
processes (such as inspections and other peer review techniques)
to reduce their programs' vulnerabilities.</P
><P
>In conclusion, here are some of the key guidelines in this book:
<P
></P
><UL
><LI
><P
>Validate all your inputs, including command line inputs,
environment variables, CGI inputs, and so on.
Don't just reject "bad" input; define what is an "acceptable" input
and reject anything that doesn't match.</P
></LI
><LI
><P
>Avoid buffer overflow.
Make sure that long inputs (and long intermediate data values) can't
be used to take over your program.
This is the primary programmatic error at this time.</P
></LI
><LI
><P
>Structure program internals.
Secure the interface, minimize privileges, make the initial configuration
and defaults safe, and fail safe.
Avoid race conditions (e.g., by safely opening any files in a shared
directory like /tmp).
Trust only trustworthy channels
(e.g., most servers must not trust their clients for security checks or
other sensitive data such as an item's price in a purchase).</P
></LI
><LI
><P
>Carefully call out to other resources.
Limit their values to valid values (in particular be concerned about
metacharacters), and check all system call return values.</P
></LI
><LI
><P
>Send information back judiciously.
In particular, minimize feedback, and handle full or unresponsive output
to an untrusted user.</P
></LI
></UL
> </P
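><P
>The guidelines above on defining acceptable input, opening files safely in a shared directory, checking system call return values and failing safe, combined in one C sketch.
This is an added example, not code from the HOWTO; the function names, the 32-character limit and the scratch directory name are assumptions made for illustration.</P
><PRE
CLASS="PROGRAMLISTING"
>
```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Allowlist (hypothetical policy): 1..32 characters from [A-Za-z0-9_-]. */
int name_is_acceptable(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    size_t n = s ? strlen(s) : 0;
    return n >= 1 && n <= 32 && strspn(s, ok) == n;
}

/* Create dir/name (dir and data come from trusted code) and write data.
 * Returns 0 on success, -1 on any failure; never leaves a partial file. */
int create_private_file(const char *dir, const char *name, const char *data)
{
    char path[256];
    size_t len = strlen(data), done = 0;
    int fd, n;
    if (!name_is_acceptable(name)) return -1;
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) return -1;  /* truncated path */
    /* O_CREAT|O_EXCL is atomic and fails if the name already exists,
     * including a symbolic link planted by another user of the directory. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    while (done < len) {
        ssize_t w = write(fd, data + done, len - done);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) { close(fd); unlink(path); return -1; }
        done += (size_t)w;
    }
    if (close(fd) != 0) { unlink(path); return -1; }
    return 0;
}

int main(void)
{
    char dir[] = "/tmp/howto_demo_XXXXXX";  /* constructed scratch directory */
    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }
    printf("new file:  %d\n", create_private_file(dir, "report-1", "ok\n"));
    printf("same name: %d\n", create_private_file(dir, "report-1", "ok\n"));
    printf("bad name:  %d\n", create_private_file(dir, "../x;rm", "ok\n"));
    return 0;
}
```
</PRE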
></DIV
></BODY
></HTML
>