201 lines
4.1 KiB
HTML
201 lines
4.1 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Why Did I Write This Document?</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Secure Programming for Linux and Unix HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Background"
|
|
HREF="background.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Paranoia is a Virtue"
|
|
HREF="paranoia.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Sources of Design and Implementation Guidelines"
|
|
HREF="sources-of-guidelines.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Secure Programming for Linux and Unix HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="paranoia.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 2. Background</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="sources-of-guidelines.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="WHY-WRITE"
|
|
></A
|
|
>2.7. Why Did I Write This Document?</H1
|
|
><P
|
|
>One question I've been asked is ``why did you write this book''?
|
|
Here's my answer:
|
|
Over the last several years I've noticed that many developers for
|
|
Linux and Unix
|
|
seem to keep falling into the same security pitfalls, again and again.
|
|
Auditors were slowly catching problems, but it would have been better
|
|
if the problems weren't put into the code in the first place.
|
|
I believe that part of the problem was that there wasn't a single, obvious
|
|
place where developers could go and get information on how to avoid
|
|
known pitfalls.
|
|
The information was publicly available, but it was often hard to find,
|
|
out-of-date, incomplete, or had other problems.
|
|
Most such information didn't particularly discuss Linux at all, even
|
|
though it was becoming widely used!
|
|
That leads up to the answer: I developed this book
|
|
in the hope that future software developers won't repeat
|
|
past mistakes, resulting in more secure systems.
|
|
You can see a larger discussion of this at
|
|
<A
|
|
HREF="http://www.linuxsecurity.com/feature_stories/feature_story-6.html"
|
|
TARGET="_top"
|
|
>http://www.linuxsecurity.com/feature_stories/feature_story-6.html</A
|
|
>.</P
|
|
><P
|
|
>A related question that could be asked is ``why did you write your own book
|
|
instead of just referring to other documents''?
|
|
There are several answers:
|
|
|
|
<P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
>Much of this information was scattered about; placing
|
|
the critical information in one organized document
|
|
makes it easier to use.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Some of this information is not written for the programmer, but
|
|
is written for an administrator or user.</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
>Much of the available information emphasizes portable constructs
|
|
(constructs that work on all Unix-like systems), and
|
|
failed to discuss Linux at all.
|
|
It's often best to avoid Linux-unique abilities for portability's sake,
|
|
but sometimes the Linux-unique abilities can really aid security.
|
|
Even if non-Linux portability is desired, you may want to support
|
|
the Linux-unique abilities when running on Linux.
|
|
And, by emphasizing Linux, I can include references to information that
|
|
is helpful to someone targeting Linux that is not necessarily true for
|
|
others.</P
|
|
></LI
|
|
></UL
|
|
> </P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="paranoia.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="sources-of-guidelines.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Paranoia is a Virtue</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="background.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Sources of Design and Implementation Guidelines</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |