Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Secure Programming for Linux and Unix HOWTO

Secure Programming for Linux and Unix HOWTO

David A. Wheeler

This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, PHP, Python, Tcl, and Ada95 are included. For a current version of the book, see

This book is Copyright (C) 1999-2003 David A. Wheeler. Permission is granted to copy, distribute and/or modify this book under the terms of the GNU Free Documentation License (GFDL), Version 1.1 or any later version published by the Free Software Foundation; with the invariant sections being ``About the Author'', with no Front-Cover Texts, and no Back-Cover texts. A copy of the license is included in the section entitled "GNU Free Documentation License". This book is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Table of Contents
1. Introduction
2. Background
2.1. History of Unix, Linux, and Open Source / Free Software
2.1.1. Unix
2.1.2. Free Software Foundation
2.1.3. Linux
2.1.4. Open Source / Free Software
2.1.5. Comparing Linux and Unix
2.2. Security Principles
2.3. Why do Programmers Write Insecure Code?
2.4. Is Open Source Good for Security?
2.4.1. View of Various Experts
2.4.2. Why Closing the Source Doesn't Halt Attacks
2.4.3. Why Keeping Vulnerabilities Secret Doesn't Make Them Go Away
2.4.4. How OSS/FS Counters Trojan Horses
2.4.5. Other Advantages
2.4.6. Bottom Line
2.5. Types of Secure Programs
2.6. Paranoia is a Virtue
2.7. Why Did I Write This Document?
2.8. Sources of Design and Implementation Guidelines
2.9. Other Sources of Security Information
2.10. Document Conventions
3. Summary of Linux and Unix Security Features
3.1. Processes
3.1.1. Process Attributes
3.1.2. POSIX Capabilities
3.1.3. Process Creation and Manipulation
3.2. Files
3.2.1. Filesystem Object Attributes
3.2.2. Creation Time Initial Values
3.2.3. Changing Access Control Attributes
3.2.4. Using Access Control Attributes
3.2.5. Filesystem Hierarchy
3.3. System V IPC
3.4. Sockets and Network Connections
3.5. Signals
3.6. Quotas and Limits
3.7. Dynamically Linked Libraries
3.8. Audit
3.9. PAM
3.10. Specialized Security Extensions for Unix-like Systems
4. Security Requirements
4.1. Common Criteria Introduction
4.2. Security Environment and Objectives
4.3. Security Functionality Requirements
4.4. Security Assurance Measure Requirements
5. Validate All Input
5.1. Command line
5.2. Environment Variables
5.2.1. Some Environment Variables are Dangerous
5.2.2. Environment Variable Storage Format is Dangerous
5.2.3. The Solution - Extract and Erase
5.2.4. Don't Let Users Set Their Own Environment Variables
5.3. File Descriptors
5.4. File Names
5.5. File Contents
5.6. Web-Based Application Inputs (Especially CGI Scripts)
5.7. Other Inputs
5.8. Human Language (Locale) Selection
5.8.1. How Locales are Selected
5.8.2. Locale Support Mechanisms
5.8.3. Legal Values
5.8.4. Bottom Line
5.9. Character Encoding
5.9.1. Introduction to Character Encoding
5.9.2. Introduction to UTF-8
5.9.3. UTF-8 Security Issues
5.9.4. UTF-8 Legal Values
5.9.5. UTF-8 Related Issues
5.10. Prevent Cross-site Malicious Content on Input
5.11. Filter HTML/URIs That May Be Re-presented
5.11.1. Remove or Forbid Some HTML Data
5.11.2. Encoding HTML Data
5.11.3. Validating HTML Data
5.11.4. Validating Hypertext Links (URIs/URLs)
5.11.5. Other HTML tags
5.11.6. Related Issues
5.12. Forbid HTTP GET To Perform Non-Queries
5.13. Counter SPAM
5.14. Limit Valid Input Time and Load Level
6. Avoid Buffer Overflow
6.1. Dangers in C/C++
6.2. Library Solutions in C/C++
6.2.1. Standard C Library Solution
6.2.2. Static and Dynamically Allocated Buffers
6.2.3. strlcpy and strlcat
6.2.4. libmib
6.2.5. C++ std::string class
6.2.6. Libsafe
6.2.7. Other Libraries
6.3. Compilation Solutions in C/C++
6.4. Other Languages
7. Structure Program Internals and Approach
7.1. Follow Good Software Engineering Principles for Secure Programs
7.2. Secure the Interface
7.3. Separate Data and Control
7.4. Minimize Privileges
7.4.1. Minimize the Privileges Granted
7.4.2. Minimize the Time the Privilege Can Be Used
7.4.3. Minimize the Time the Privilege is Active
7.4.4. Minimize the Modules Granted the Privilege
7.4.5. Consider Using FSUID To Limit Privileges
7.4.6. Consider Using Chroot to Minimize Available Files
7.4.7. Consider Minimizing the Accessible Data
7.4.8. Consider Minimizing the Resources Available
7.5. Minimize the Functionality of a Component
7.6. Avoid Creating Setuid/Setgid Scripts
7.7. Configure Safely and Use Safe Defaults
7.8. Load Initialization Values Safely
7.9. Fail Safe
7.10. Avoid Race Conditions
7.10.1. Sequencing (Non-Atomic) Problems
7.10.2. Locking
7.11. Trust Only Trustworthy Channels
7.12. Set up a Trusted Path
7.13. Use Internal Consistency-Checking Code
7.14. Self-limit Resources
7.15. Prevent Cross-Site (XSS) Malicious Content
7.15.1. Explanation of the Problem
7.15.2. Solutions to Cross-Site Malicious Content
7.16. Foil Semantic Attacks
7.17. Be Careful with Data Types
8. Carefully Call Out to Other Resources
8.1. Call Only Safe Library Routines
8.2. Limit Call-outs to Valid Values
8.3. Handle Metacharacters
8.4. Call Only Interfaces Intended for Programmers
8.5. Check All System Call Returns
8.6. Avoid Using vfork(2)
8.7. Counter Web Bugs When Retrieving Embedded Content
8.8. Hide Sensitive Information
9. Send Information Back Judiciously
9.1. Minimize Feedback
9.2. Don't Include Comments
9.3. Handle Full/Unresponsive Output
9.4. Control Data Formatting (Format Strings/Formatation)
9.5. Control Character Encoding in Output
9.6. Prevent Include/Configuration File Access
10. Language-Specific Issues
10.1. C/C++
10.2. Perl
10.3. Python
10.4. Shell Scripting Languages (sh and csh Derivatives)
10.5. Ada
10.6. Java
10.7. Tcl
10.8. PHP
11. Special Topics
11.1. Passwords
11.2. Authenticating on the Web
11.2.1. Authenticating on the Web: Logging In
11.2.2. Authenticating on the Web: Subsequent Actions
11.2.3. Authenticating on the Web: Logging Out
11.3. Random Numbers
11.4. Specially Protect Secrets (Passwords and Keys) in User Memory
11.5. Cryptographic Algorithms and Protocols
11.5.1. Cryptographic Protocols
11.5.2. Symmetric Key Encryption Algorithms
11.5.3. Public Key Algorithms
11.5.4. Cryptographic Hash Algorithms
11.5.5. Integrity Checking
11.5.6. Randomized Message Authentication Mode (RMAC)
11.5.7. Other Cryptographic Issues
11.6. Using PAM
11.7. Tools
11.8. Windows CE
11.9. Write Audit Records
11.10. Physical Emissions
11.11. Miscellaneous
12. Conclusion
13. Bibliography
A. History
B. Acknowledgements
C. About the Documentation License
D. GNU Free Documentation License
E. Endorsements
F. About the Author
List of Tables
5-1. Legal UTF-8 Sequences
List of Figures
1-1. Abstract View of a Program


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.