LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Secure-Programs-HOWTO/index.html

819 lines
12 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Secure Programming for Linux and Unix HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="NEXT"
TITLE="Introduction"
HREF="introduction.html"><META
NAME="KEYWORD"
CONTENT="secure programming"><META
NAME="KEYWORD"
CONTENT="secure programs"><META
NAME="KEYWORD"
CONTENT="secure applications"><META
NAME="KEYWORD"
CONTENT="secure"><META
NAME="KEYWORD"
CONTENT="programming"><META
NAME="KEYWORD"
CONTENT="security"><META
NAME="KEYWORD"
CONTENT="Linux"><META
NAME="KEYWORD"
CONTENT="Unix"><META
NAME="KEYWORD"
CONTENT="hack"><META
NAME="KEYWORD"
CONTENT="crack"><META
NAME="KEYWORD"
CONTENT="vulnerability"><META
NAME="KEYWORD"
CONTENT="buffer overflow"><META
NAME="KEYWORD"
CONTENT="design"><META
NAME="KEYWORD"
CONTENT="implementation"><META
NAME="KEYWORD"
CONTENT="web application"><META
NAME="KEYWORD"
CONTENT="web applications"><META
NAME="KEYWORD"
CONTENT="CGI"><META
NAME="KEYWORD"
CONTENT="setuid"><META
NAME="KEYWORD"
CONTENT="setgid"><META
NAME="KEYWORD"
CONTENT="C"><META
NAME="KEYWORD"
CONTENT="C++"><META
NAME="KEYWORD"
CONTENT="Java"><META
NAME="KEYWORD"
CONTENT="Perl"><META
NAME="KEYWORD"
CONTENT="PHP"><META
NAME="KEYWORD"
CONTENT="Python"><META
NAME="KEYWORD"
CONTENT="Tcl"><META
NAME="KEYWORD"
CONTENT="Ada"><META
NAME="KEYWORD"
CONTENT="Ada95"></HEAD
><BODY
CLASS="BOOK"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="BOOK"
><A
NAME="AEN1"
></A
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="AEN2"
></A
>Secure Programming for Linux and Unix HOWTO</H1
><H3
CLASS="AUTHOR"
><A
NAME="AEN4"
></A
>David A. Wheeler</H3
><P
CLASS="EDITION"
>v3.010&nbsp;Edition </P
><P
CLASS="COPYRIGHT"
><A
HREF="ln19.html"
>Copyright</A
> &copy; 1999, 2000, 2001, 2002, 2003 David A. Wheeler</P
><P
CLASS="PUBDATE"
>v3.010, 3 March 2003<BR></P
><DIV
><DIV
CLASS="ABSTRACT"
><A
NAME="AEN21"
></A
><P
></P
><P
>This book provides a set of design and implementation
guidelines for writing secure programs for Linux and Unix systems.
Such programs include application programs used as viewers of remote data,
web applications (including CGI scripts),
network servers, and setuid/setgid programs.
Specific guidelines for C, C++, Java, Perl, PHP, Python, Tcl,
and Ada95 are included.
For a current version of the book, see
<A
HREF="http://www.dwheeler.com/secure-programs"
TARGET="_top"
>http://www.dwheeler.com/secure-programs</A
></P
><P
></P
></DIV
></DIV
><HR></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="introduction.html"
>Introduction</A
></DT
><DT
>2. <A
HREF="background.html"
>Background</A
></DT
><DD
><DL
><DT
>2.1. <A
HREF="history.html"
>History of Unix, Linux, and Open Source / Free Software</A
></DT
><DT
>2.2. <A
HREF="security-principles.html"
>Security Principles</A
></DT
><DT
>2.3. <A
HREF="why-write-insecure.html"
>Why do Programmers Write Insecure Code?</A
></DT
><DT
>2.4. <A
HREF="open-source-security.html"
>Is Open Source Good for Security?</A
></DT
><DT
>2.5. <A
HREF="types-of-programs.html"
>Types of Secure Programs</A
></DT
><DT
>2.6. <A
HREF="paranoia.html"
>Paranoia is a Virtue</A
></DT
><DT
>2.7. <A
HREF="why-write.html"
>Why Did I Write This Document?</A
></DT
><DT
>2.8. <A
HREF="sources-of-guidelines.html"
>Sources of Design and Implementation Guidelines</A
></DT
><DT
>2.9. <A
HREF="other-sources.html"
>Other Sources of Security Information</A
></DT
><DT
>2.10. <A
HREF="conventions.html"
>Document Conventions</A
></DT
></DL
></DD
><DT
>3. <A
HREF="features.html"
>Summary of Linux and Unix Security Features</A
></DT
><DD
><DL
><DT
>3.1. <A
HREF="processes.html"
>Processes</A
></DT
><DT
>3.2. <A
HREF="files.html"
>Files</A
></DT
><DT
>3.3. <A
HREF="sysv-ipc.html"
>System V IPC</A
></DT
><DT
>3.4. <A
HREF="sockets.html"
>Sockets and Network Connections</A
></DT
><DT
>3.5. <A
HREF="signals.html"
>Signals</A
></DT
><DT
>3.6. <A
HREF="quotas.html"
>Quotas and Limits</A
></DT
><DT
>3.7. <A
HREF="dlls.html"
>Dynamically Linked Libraries</A
></DT
><DT
>3.8. <A
HREF="audit.html"
>Audit</A
></DT
><DT
>3.9. <A
HREF="pam.html"
>PAM</A
></DT
><DT
>3.10. <A
HREF="unix-extensions.html"
>Specialized Security Extensions for Unix-like Systems</A
></DT
></DL
></DD
><DT
>4. <A
HREF="requirements.html"
>Security Requirements</A
></DT
><DD
><DL
><DT
>4.1. <A
HREF="x595.html"
>Common Criteria Introduction</A
></DT
><DT
>4.2. <A
HREF="x608.html"
>Security Environment and Objectives</A
></DT
><DT
>4.3. <A
HREF="x615.html"
>Security Functionality Requirements</A
></DT
><DT
>4.4. <A
HREF="x641.html"
>Security Assurance Measure Requirements</A
></DT
></DL
></DD
><DT
>5. <A
HREF="input.html"
>Validate All Input</A
></DT
><DD
><DL
><DT
>5.1. <A
HREF="command-line.html"
>Command line</A
></DT
><DT
>5.2. <A
HREF="environment-variables.html"
>Environment Variables</A
></DT
><DT
>5.3. <A
HREF="file-descriptors.html"
>File Descriptors</A
></DT
><DT
>5.4. <A
HREF="file-names.html"
>File Names</A
></DT
><DT
>5.5. <A
HREF="file-contents.html"
>File Contents</A
></DT
><DT
>5.6. <A
HREF="web-apps.html"
>Web-Based Application Inputs (Especially CGI Scripts)</A
></DT
><DT
>5.7. <A
HREF="other-inputs.html"
>Other Inputs</A
></DT
><DT
>5.8. <A
HREF="locale.html"
>Human Language (Locale) Selection</A
></DT
><DT
>5.9. <A
HREF="character-encoding.html"
>Character Encoding</A
></DT
><DT
>5.10. <A
HREF="input-protection-cross-site.html"
>Prevent Cross-site Malicious Content on Input</A
></DT
><DT
>5.11. <A
HREF="filter-html.html"
>Filter HTML/URIs That May Be Re-presented</A
></DT
><DT
>5.12. <A
HREF="avoid-get-non-queries.html"
>Forbid HTTP GET To Perform Non-Queries</A
></DT
><DT
>5.13. <A
HREF="counter-spam.html"
>Counter SPAM</A
></DT
><DT
>5.14. <A
HREF="limit-time.html"
>Limit Valid Input Time and Load Level</A
></DT
></DL
></DD
><DT
>6. <A
HREF="buffer-overflow.html"
>Avoid Buffer Overflow</A
></DT
><DD
><DL
><DT
>6.1. <A
HREF="dangers-c.html"
>Dangers in C/C++</A
></DT
><DT
>6.2. <A
HREF="library-c.html"
>Library Solutions in C/C++</A
></DT
><DT
>6.3. <A
HREF="compilation-c.html"
>Compilation Solutions in C/C++</A
></DT
><DT
>6.4. <A
HREF="other-languages.html"
>Other Languages</A
></DT
></DL
></DD
><DT
>7. <A
HREF="internals.html"
>Structure Program Internals and Approach</A
></DT
><DD
><DL
><DT
>7.1. <A
HREF="follow-good-principles.html"
>Follow Good Software Engineering Principles for Secure Programs</A
></DT
><DT
>7.2. <A
HREF="secure-interface.html"
>Secure the Interface</A
></DT
><DT
>7.3. <A
HREF="data-vs-control.html"
>Separate Data and Control</A
></DT
><DT
>7.4. <A
HREF="minimize-privileges.html"
>Minimize Privileges</A
></DT
><DT
>7.5. <A
HREF="minimize-functionality.html"
>Minimize the Functionality of a Component</A
></DT
><DT
>7.6. <A
HREF="avoid-setuid.html"
>Avoid Creating Setuid/Setgid Scripts</A
></DT
><DT
>7.7. <A
HREF="safe-configure.html"
>Configure Safely and Use Safe Defaults</A
></DT
><DT
>7.8. <A
HREF="init-safe.html"
>Load Initialization Values Safely</A
></DT
><DT
>7.9. <A
HREF="fail-safe.html"
>Fail Safe</A
></DT
><DT
>7.10. <A
HREF="avoid-race.html"
>Avoid Race Conditions</A
></DT
><DT
>7.11. <A
HREF="trustworthy-channels.html"
>Trust Only Trustworthy Channels</A
></DT
><DT
>7.12. <A
HREF="trusted-path.html"
>Set up a Trusted Path</A
></DT
><DT
>7.13. <A
HREF="internal-check.html"
>Use Internal Consistency-Checking Code</A
></DT
><DT
>7.14. <A
HREF="self-limit-resources.html"
>Self-limit Resources</A
></DT
><DT
>7.15. <A
HREF="cross-site-malicious-content.html"
>Prevent Cross-Site (XSS) Malicious Content</A
></DT
><DT
>7.16. <A
HREF="semantic-attacks.html"
>Foil Semantic Attacks</A
></DT
><DT
>7.17. <A
HREF="careful-typing.html"
>Be Careful with Data Types</A
></DT
></DL
></DD
><DT
>8. <A
HREF="call-out.html"
>Carefully Call Out to Other Resources</A
></DT
><DD
><DL
><DT
>8.1. <A
HREF="call-only-safe.html"
>Call Only Safe Library Routines</A
></DT
><DT
>8.2. <A
HREF="limit-call-outs.html"
>Limit Call-outs to Valid Values</A
></DT
><DT
>8.3. <A
HREF="handle-metacharacters.html"
>Handle Metacharacters</A
></DT
><DT
>8.4. <A
HREF="call-intentional-apis.html"
>Call Only Interfaces Intended for Programmers</A
></DT
><DT
>8.5. <A
HREF="check-returns.html"
>Check All System Call Returns</A
></DT
><DT
>8.6. <A
HREF="avoid-vfork.html"
>Avoid Using vfork(2)</A
></DT
><DT
>8.7. <A
HREF="embedded-content-bugs.html"
>Counter Web Bugs When Retrieving Embedded Content</A
></DT
><DT
>8.8. <A
HREF="hide-sensitive-information.html"
>Hide Sensitive Information</A
></DT
></DL
></DD
><DT
>9. <A
HREF="output.html"
>Send Information Back Judiciously</A
></DT
><DD
><DL
><DT
>9.1. <A
HREF="minimize-feedback.html"
>Minimize Feedback</A
></DT
><DT
>9.2. <A
HREF="no-comments.html"
>Don't Include Comments</A
></DT
><DT
>9.3. <A
HREF="handle-full-output.html"
>Handle Full/Unresponsive Output</A
></DT
><DT
>9.4. <A
HREF="control-formatting.html"
>Control Data Formatting (Format Strings/Formatation)</A
></DT
><DT
>9.5. <A
HREF="output-character-encoding.html"
>Control Character Encoding in Output</A
></DT
><DT
>9.6. <A
HREF="prevent-include-access.html"
>Prevent Include/Configuration File Access</A
></DT
></DL
></DD
><DT
>10. <A
HREF="language-specific.html"
>Language-Specific Issues</A
></DT
><DD
><DL
><DT
>10.1. <A
HREF="c-cpp.html"
>C/C++</A
></DT
><DT
>10.2. <A
HREF="perl.html"
>Perl</A
></DT
><DT
>10.3. <A
HREF="python.html"
>Python</A
></DT
><DT
>10.4. <A
HREF="shell.html"
>Shell Scripting Languages (sh and csh Derivatives)</A
></DT
><DT
>10.5. <A
HREF="ada.html"
>Ada</A
></DT
><DT
>10.6. <A
HREF="java.html"
>Java</A
></DT
><DT
>10.7. <A
HREF="tcl.html"
>Tcl</A
></DT
><DT
>10.8. <A
HREF="php.html"
>PHP</A
></DT
></DL
></DD
><DT
>11. <A
HREF="special.html"
>Special Topics</A
></DT
><DD
><DL
><DT
>11.1. <A
HREF="passwords.html"
>Passwords</A
></DT
><DT
>11.2. <A
HREF="web-authentication.html"
>Authenticating on the Web</A
></DT
><DT
>11.3. <A
HREF="random-numbers.html"
>Random Numbers</A
></DT
><DT
>11.4. <A
HREF="protect-secrets.html"
>Specially Protect Secrets (Passwords and Keys) in User Memory</A
></DT
><DT
>11.5. <A
HREF="crypto.html"
>Cryptographic Algorithms and Protocols</A
></DT
><DT
>11.6. <A
HREF="use-pam.html"
>Using PAM</A
></DT
><DT
>11.7. <A
HREF="tools.html"
>Tools</A
></DT
><DT
>11.8. <A
HREF="windows-ce.html"
>Windows CE</A
></DT
><DT
>11.9. <A
HREF="write-audit-records.html"
>Write Audit Records</A
></DT
><DT
>11.10. <A
HREF="physical-emissions.html"
>Physical Emissions</A
></DT
><DT
>11.11. <A
HREF="miscellaneous.html"
>Miscellaneous</A
></DT
></DL
></DD
><DT
>12. <A
HREF="conclusion.html"
>Conclusion</A
></DT
><DT
>13. <A
HREF="bibliography.html"
>Bibliography</A
></DT
><DT
>A. <A
HREF="document-history.html"
>History</A
></DT
><DT
>B. <A
HREF="acknowledgements.html"
>Acknowledgements</A
></DT
><DT
>C. <A
HREF="about-license.html"
>About the Documentation License</A
></DT
><DT
>D. <A
HREF="fdl.html"
>GNU Free Documentation License</A
></DT
><DT
>E. <A
HREF="endorsements.html"
>Endorsements</A
></DT
><DT
>F. <A
HREF="about-author.html"
>About the Author</A
></DT
></DL
></DIV
><DIV
CLASS="LOT"
><DL
CLASS="LOT"
><DT
><B
>List of Tables</B
></DT
><DT
>5-1. <A
HREF="character-encoding.html#AEN865"
>Legal UTF-8 Sequences</A
></DT
></DL
></DIV
><DIV
CLASS="LOT"
><DL
CLASS="LOT"
><DT
><B
>List of Figures</B
></DT
><DT
>1-1. <A
HREF="introduction.html#ABSTRACT-PROGRAM"
>Abstract View of a Program</A
></DT
></DL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="introduction.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Introduction</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink