“This paper provides a set of design and implementation
guidelines for writing secure programs for Linux systems. Such
programs include application programs used as viewers of remote
data, CGI scripts, network servers, and setuid/setgid
programs….”
“This paper assumes that the reader understands computer
security issues in general, the general security model of Unix-like
systems, and the C programming language. This paper does include
some information about the Linux programming model for
security….”
“This paper first discusses the background of Linux and
security. The next section describes the general Linux security
model, giving an overview of the security attributes and operations
of processes, filesystem objects, and so on. This is followed by
the meat of this paper, a set of design and implementation
guidelines for developing applications on Linux systems. This is
broken into validating all input, avoiding buffer overflows,
structuring program internals and approach, carefully calling out
to other resources, judiciously sending information back, and
finally information on special topics (such as how to acquire
random numbers). The paper ends with conclusions and
references.”