Linux Today: Linux News On Internet Time.

Secure Programming for Linux and Unix HOWTO Updated

Jan 02, 2003, 01:00 (0 Talkback[s])
(Other stories by David A. Wheeler)

From the announcement...

"This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95.

"This is version 3.005, dated 30 December 2002.

Compared to version 3.000, this version adds new text on handling tmp files where there are tmp cleaners running (true on most real systems--this causes particular problems with mktemp(1)), notes on avoiding buffer overflow in FD_SET/FD_CLR(), and a long discussion on a new attack against web-based systems: session fixation. I also added text about protecting secrets in memory..."

Link to HOWTO

Related Stories: