Secure Programming For Linux And Unix HOWTO

Secure Programming for Linux and Unix HOWTO
David A. Wheeler
v3.010 Edition
Copyright 1999, 2000, 2001, 2002, 2003 David A. Wheeler
v3.010, 3 March 2003

This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, PHP, Python, Tcl, and Ada95 are included. For a current version of the book, see http://www.dwheeler.com/secure-programs

This book is Copyright (C) 1999-2003 David A. Wheeler. Permission is granted to copy, distribute and/or modify this book under the terms of the GNU Free Documentation License (GFDL), Version 1.1 or any later version published by the Free Software Foundation; with the invariant sections being "About the Author", with no Front-Cover Texts, and no Back-Cover texts. A copy of the license is included in the section entitled "GNU Free Documentation License". This book is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Table of Contents

Chapter 1. Introduction
Chapter 2. Background
  2.1. History of Unix, Linux, and Open Source / Free Software
    2.1.1. Unix
    2.1.2. Free Software Foundation
    2.1.3. Linux
    2.1.4. Open Source / Free Software
    2.1.5. Comparing Linux and Unix
  2.2. Security Principles
  2.3. Why do Programmers Write Insecure Code?
  2.4. Is Open Source Good for Security?
    2.4.1. View of Various Experts
    2.4.2. Why Closing the Source Doesn't Halt Attacks
    2.4.3. Why Keeping Vulnerabilities Secret Doesn't Make Them Go Away
    2.4.4. How OSS/FS Counters Trojan Horses
    2.4.5. Other Advantages
    2.4.6. Bottom Line
  2.5. Types of Secure Programs
  2.6. Paranoia is a Virtue
  2.7. Why Did I Write This Document?
  2.8. Sources of Design and Implementation Guidelines
  2.9. Other Sources of Security Information
  2.10. Document Conventions
Chapter 3. Summary of Linux and Unix Security Features
  3.1. Processes
    3.1.1. Process Attributes
    3.1.2. POSIX Capabilities
    3.1.3. Process Creation and Manipulation
  3.2. Files
    3.2.1. Filesystem Object Attributes
    3.2.2. Creation Time Initial Values
    3.2.3. Changing Access Control Attributes
    3.2.4. Using Access Control Attributes
    3.2.5. Filesystem Hierarchy
  3.3. System V IPC
  3.4. Sockets and Network Connections
  3.5. Signals
  3.6. Quotas and Limits
  3.7. Dynamically Linked Libraries
  3.8. Audit
  3.9. PAM
  3.10. Specialized Security Extensions for Unix-like Systems
Chapter 4. Security Requirements
  4.1. Common Criteria Introduction
  4.2. Security Environment and Objectives
  4.3. Security Functionality Requirements
  4.4. Security Assurance Measure Requirements
Chapter 5. Validate All Input
  5.1. Command line
  5.2. Environment Variables
    5.2.1. Some Environment Variables are Dangerous
    5.2.2. Environment Variable Storage Format is Dangerous
    5.2.3. The Solution - Extract and Erase
    5.2.4. Don't Let Users Set Their Own Environment Variables
  5.3. File Descriptors
  5.4. File Names
  5.5. File Contents
  5.6. Web-Based Application Inputs (Especially CGI Scripts)
  5.7. Other Inputs
  5.8. Human Language (Locale) Selection
    5.8.1. How Locales are Selected
    5.8.2. Locale Support Mechanisms
    5.8.3. Legal Values
    5.8.4. Bottom Line
  5.9. Character Encoding
    5.9.1. Introduction to Character Encoding
    5.9.2. Introduction to UTF-8
    5.9.3. UTF-8 Security Issues
    5.9.4. UTF-8 Legal Values
    5.9.5. UTF-8 Related Issues
  5.10. Prevent Cross-site Malicious Content on Input
  5.11. Filter HTML/URIs That May Be Re-presented
    5.11.1. Remove or Forbid Some HTML Data
    5.11.2. Encoding HTML Data
    5.11.3. Validating HTML Data
    5.11.4. Validating Hypertext Links (URIs/URLs)
    5.11.5. Other HTML tags
    5.11.6. Related Issues
  5.12. Forbid HTTP GET To Perform Non-Queries
  5.13. Counter SPAM
  5.14. Limit Valid Input Time and Load Level
Chapter 6. Avoid Buffer Overflow
  6.1. Dangers in C/C++
  6.2. Library Solutions in C/C++
    6.2.1. Standard C Library Solution
    6.2.2. Static and Dynamically Allocated Buffers
    6.2.3. strlcpy and strlcat
    6.2.4. libmib
    6.2.5. C++ std::string class
    6.2.6. Libsafe
    6.2.7. Other Libraries
  6.3. Compilation Solutions in C/C++
  6.4. Other Languages
Chapter 7. Structure Program Internals and Approach
  7.1. Follow Good Software Engineering Principles for Secure Programs
  7.2. Secure the Interface
  7.3. Separate Data and Control
  7.4. Minimize Privileges
    7.4.1. Minimize the Privileges Granted
    7.4.2. Minimize the Time the Privilege Can Be Used
    7.4.3. Minimize the Time the Privilege is Active
    7.4.4. Minimize the Modules Granted the Privilege
    7.4.5. Consider Using FSUID To Limit Privileges
    7.4.6. Consider Using Chroot to Minimize Available Files
    7.4.7. Consider Minimizing the Accessible Data
    7.4.8. Consider Minimizing the Resources Available
  7.5. Minimize the Functionality of a Component
  7.6. Avoid Creating Setuid/Setgid Scripts
  7.7. Configure Safely and Use Safe Defaults
  7.8. Load Initialization Values Safely
  7.9. Fail Safe
  7.10. Avoid Race Conditions
    7.10.1. Sequencing (Non-Atomic) Problems
    7.10.2. Locking
  7.11. Trust Only Trustworthy Channels
  7.12. Set up a Trusted Path
  7.13. Use Internal Consistency-Checking Code
  7.14. Self-limit Resources
  7.15. Prevent Cross-Site (XSS) Malicious Content
    7.15.1. Explanation of the Problem
    7.15.2. Solutions to Cross-Site Malicious Content
  7.16. Foil Semantic Attacks
  7.17. Be Careful with Data Types
Chapter 8. Carefully Call Out to Other Resources
  8.1. Call Only Safe Library Routines
  8.2. Limit Call-outs to Valid Values
  8.3. Handle Metacharacters
  8.4. Call Only Interfaces Intended for Programmers
  8.5. Check All System Call Returns
  8.6. Avoid Using vfork(2)
  8.7. Counter Web Bugs When Retrieving Embedded Content
  8.8. Hide Sensitive Information
Chapter 9. Send Information Back Judiciously
  9.1. Minimize Feedback
  9.2. Don't Include Comments
  9.3. Handle Ful

Chapter 1. Introduction

A wise man attacks the city of the mighty and pulls down the stronghold in which they trust.
Proverbs 21:22 (NIV)

This book describes a set of guidelines for writing secure programs on Linux and Unix systems.
