Secure Programming for Linux and Unix HOWTO Updated
Jan 02, 2003, 01:00
(Other stories by David A. Wheeler)
From the announcement...
"This book provides a set of design and implementation
guidelines for writing secure programs for Linux and Unix systems.
Such programs include application programs used as viewers of
remote data, web applications (including CGI scripts), network
servers, and setuid/setgid programs. This document includes
specific guidance for a number of languages, including C, C++,
Java, Perl, Python, and Ada95.
"This is version 3.005, dated 30 December 2002.
Compared to version 3.000, this version adds new text on
handling tmp files where there are tmp cleaners running (true on
most real systems--this causes particular problems with mktemp(1)),
notes on avoiding buffer overflow in FD_SET/FD_CLR(), and a long
discussion on a new attack against web-based systems: session
fixation. I also added text about protecting secrets in