This PDF ebook describes a set of guidelines for writing secure programs on Linux and Unix systems. For purposes of this PDF ebook, a "secure program" is a program that sits on a security boundary, taking input from a source that does not have the same access rights as the program. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This book does not address modifying the operating system kernel itself, although many of the principles discussed here do apply. These guidelines were developed as a survey of "lessons learned" from various sources on how to create such programs (along with additional observations by the author), reorganized into a set of larger principles. This book includes specific guidance for a number of languages, including C, C++, Java, Perl, PHP, Python, Tcl, and Ada95.

This PDF ebook assumes that the reader understands computer security issues in general, the general security model of Unix−like systems, networking (in particular TCP/IP based networks), and the C programming language.
This PDF ebook does include some information about the Linux and Unix programming model for security. If you need more information on how TCP/IP based networks and protocols work, including their security protocols, consult general works on TCP/IP such as [Murhammer 1998].

Chapter 2 discusses the background of Unix, Linux, and security. Chapter 3 describes the general Unix and Linux security model, giving an overview of the security attributes and operations of processes, filesystem objects, and so on. This is followed by the meat of this book, a set of design and implementation guidelines
for developing applications on Linux and Unix systems. The book ends with conclusions in Chapter 12, followed by a lengthy bibliography and appendixes.

The design and implementation guidelines are divided into categories which I believe emphasize the programmer's viewpoint. Programs accept inputs, process data, call out to other resources, and produce output, as shown in Figure 1−1; notionally all security guidelines fit into one of these categories. I've subdivided "process data" into structuring program internals and approach, avoiding buffer overflows (which in some cases can also be considered an input issue), language−specific information, and special topics. The chapters are ordered to make the material easier to follow. Thus, the book chapters giving guidelines discuss
validating all input (Chapter 5), avoiding buffer overflows Chapter 6), structuring program internals and approach (Chapter 7), carefully calling out to other resources (Chapter 8), judiciously sending information back (Chapter 9), language−specific information (Chapter 10), and finally information on special topics such
as how to acquire random numbers (Chapter 11).

File Size : 674 KB (168 Pages)
Download Free PDF Ebooks Secure Programming for Linux and Unix HOWTO

Technorati Tags: Linux Programming Ebooks