Jump to content
Nytro

Secure Programming for Linux and Unix HOWTO

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Table of Contents

1. Introduction

2. Background

2.1. History of Unix, Linux, and Open Source / Free Software

2.1.1. Unix

2.1.2. Free Software Foundation

2.1.3. Linux

2.1.4. Open Source / Free Software

2.1.5. Comparing Linux and Unix

2.2. Security Principles

2.3. Why do Programmers Write Insecure Code?

2.4. Is Open Source Good for Security?

2.4.1. View of Various Experts

2.4.2. Why Closing the Source Doesn't Halt Attacks

2.4.3. Why Keeping Vulnerabilities Secret Doesn't Make Them Go Away

2.4.4. How OSS/FS Counters Trojan Horses

2.4.5. Other Advantages

2.4.6. Bottom Line

2.5. Types of Secure Programs

2.6. Paranoia is a Virtue

2.7. Why Did I Write This Document?

2.8. Sources of Design and Implementation Guidelines

2.9. Other Sources of Security Information

2.10. Document Conventions

3. Summary of Linux and Unix Security Features

3.1. Processes

3.1.1. Process Attributes

3.1.2. POSIX Capabilities

3.1.3. Process Creation and Manipulation

3.2. Files

3.2.1. Filesystem Object Attributes

3.2.2. Creation Time Initial Values

3.2.3. Changing Access Control Attributes

3.2.4. Using Access Control Attributes

3.2.5. Filesystem Hierarchy

3.3. System V IPC

3.4. Sockets and Network Connections

3.5. Signals

3.6. Quotas and Limits

3.7. Dynamically Linked Libraries

3.8. Audit

3.9. PAM

3.10. Specialized Security Extensions for Unix-like Systems

4. Security Requirements

4.1. Common Criteria Introduction

4.2. Security Environment and Objectives

4.3. Security Functionality Requirements

4.4. Security Assurance Measure Requirements

5. Validate All Input

5.1. Command line

5.2. Environment Variables

5.2.1. Some Environment Variables are Dangerous

5.2.2. Environment Variable Storage Format is Dangerous

5.2.3. The Solution - Extract and Erase

5.2.4. Don't Let Users Set Their Own Environment Variables

5.3. File Descriptors

5.4. File Names

5.5. File Contents

5.6. Web-Based Application Inputs (Especially CGI Scripts)

5.7. Other Inputs

5.8. Human Language (Locale) Selection

5.8.1. How Locales are Selected

5.8.2. Locale Support Mechanisms

5.8.3. Legal Values

5.8.4. Bottom Line

5.9. Character Encoding

5.9.1. Introduction to Character Encoding

5.9.2. Introduction to UTF-8

5.9.3. UTF-8 Security Issues

5.9.4. UTF-8 Legal Values

5.9.5. UTF-8 Related Issues

5.10. Prevent Cross-site Malicious Content on Input

5.11. Filter HTML/URIs That May Be Re-presented

5.11.1. Remove or Forbid Some HTML Data

5.11.2. Encoding HTML Data

5.11.3. Validating HTML Data

5.11.4. Validating Hypertext Links (URIs/URLs)

5.11.5. Other HTML tags

5.11.6. Related Issues

5.12. Forbid HTTP GET To Perform Non-Queries

5.13. Counter SPAM

5.14. Limit Valid Input Time and Load Level

6. Avoid Buffer Overflow

6.1. Dangers in C/C++

6.2. Library Solutions in C/C++

6.2.1. Standard C Library Solution

6.2.2. Static and Dynamically Allocated Buffers

6.2.3. strlcpy and strlcat

6.2.4. libmib

6.2.5. C++ std::string class

6.2.6. Libsafe

6.2.7. Other Libraries

6.3. Compilation Solutions in C/C++

6.4. Other Languages

7. Structure Program Internals and Approach

7.1. Follow Good Software Engineering Principles for Secure Programs

7.2. Secure the Interface

7.3. Separate Data and Control

7.4. Minimize Privileges

7.4.1. Minimize the Privileges Granted

7.4.2. Minimize the Time the Privilege Can Be Used

7.4.3. Minimize the Time the Privilege is Active

7.4.4. Minimize the Modules Granted the Privilege

7.4.5. Consider Using FSUID To Limit Privileges

7.4.6. Consider Using Chroot to Minimize Available Files

7.4.7. Consider Minimizing the Accessible Data

7.4.8. Consider Minimizing the Resources Available

7.5. Minimize the Functionality of a Component

7.6. Avoid Creating Setuid/Setgid Scripts

7.7. Configure Safely and Use Safe Defaults

7.8. Load Initialization Values Safely

7.9. Fail Safe

7.10. Avoid Race Conditions

7.10.1. Sequencing (Non-Atomic) Problems

7.10.1.1. Atomic Actions in the Filesystem

7.10.1.2. Temporary Files

7.10.2. Locking

7.10.2.1. Using Files as Locks

7.10.2.2. Other Approaches to Locking

7.11. Trust Only Trustworthy Channels

7.12. Set up a Trusted Path

7.13. Use Internal Consistency-Checking Code

7.14. Self-limit Resources

7.15. Prevent Cross-Site (XSS) Malicious Content

7.15.1. Explanation of the Problem

7.15.2. Solutions to Cross-Site Malicious Content

7.15.2.1. Identifying Special Characters

7.15.2.2. Filtering

7.15.2.3. Encoding (Quoting)

7.16. Foil Semantic Attacks

7.17. Be Careful with Data Types

8. Carefully Call Out to Other Resources

8.1. Call Only Safe Library Routines

8.2. Limit Call-outs to Valid Values

8.3. Handle Metacharacters

8.4. Call Only Interfaces Intended for Programmers

8.5. Check All System Call Returns

8.6. Avoid Using vfork(2)

8.7. Counter Web Bugs When Retrieving Embedded Content

8.8. Hide Sensitive Information

9. Send Information Back Judiciously

9.1. Minimize Feedback

9.2. Don't Include Comments

9.3. Handle Full/Unresponsive Output

9.4. Control Data Formatting (Format Strings/Formatation)

9.5. Control Character Encoding in Output

9.6. Prevent Include/Configuration File Access

10. Language-Specific Issues

10.1. C/C++

10.2. Perl

10.3. Python

10.4. Shell Scripting Languages (sh and csh Derivatives)

10.5. Ada

10.6. Java

10.7. Tcl

10.8. PHP

11. Special Topics

11.1. Passwords

11.2. Authenticating on the Web

11.2.1. Authenticating on the Web: Logging In

11.2.2. Authenticating on the Web: Subsequent Actions

11.2.3. Authenticating on the Web: Logging Out

11.3. Random Numbers

11.4. Specially Protect Secrets (Passwords and Keys) in User Memory

11.5. Cryptographic Algorithms and Protocols

11.5.1. Cryptographic Protocols

11.5.2. Symmetric Key Encryption Algorithms

11.5.3. Public Key Algorithms

11.5.4. Cryptographic Hash Algorithms

11.5.5. Integrity Checking

11.5.6. Randomized Message Authentication Mode (RMAC)

11.5.7. Other Cryptographic Issues

11.6. Using PAM

11.7. Tools

11.8. Windows CE

11.9. Write Audit Records

11.10. Physical Emissions

11.11. Miscellaneous

12. Conclusion

13. Bibliography

A. History

B. Acknowledgements

C. About the Documentation License

D. GNU Free Documentation License

E. Endorsements

F. About the Author

List of Tables

5-1. Legal UTF-8 Sequences

List of Figures

1-1. Abstract View of a Program

Aici:

http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...