Secure Programming for Linux and Unix HOWTO

David A. Wheeler

Copyright © 1999, 2000 by David A. Wheeler

This paper provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.

Table of Contents

1. Introduction

2. Background

2.1. History of Unix, Linux, and Open Source / Free Software
2.2. Security Principles
2.3. Types of Secure Programs
2.4. Paranoia is a Virtue
2.5. Why Did I Write This Document?
2.6. Sources of Design and Implementation Guidelines
2.7. Other Sources of Security Information
2.8. Document Conventions

3. Summary of Linux and Unix Security Features

3.1. Processes
3.2. Files
3.3. System V IPC
3.4. Sockets and Network Connections
3.5. Signals
3.6. Quotas and Limits
3.7. Dynamically Linked Libraries
3.8. Audit
3.9. PAM

4. Validate All Input

4.1. Command line
4.2. Environment Variables
4.3. File Descriptors
4.4. File Contents
4.5. Web-Based Applications (Especially CGI Scripts)
4.6. Other Inputs
4.7. Human Language (Locale) Selection
4.8. Character Encoding
4.9. Limit Valid Input Time and Load Level

5. Avoid Buffer Overflow

5.1. Dangers in C/C++
5.2. Library Solutions in C/C++
5.3. Compilation Solutions in C/C++
5.4. Other Languages

6. Structure Program Internals and Approach

6.1. Secure the Interface
6.2. Minimize Privileges
6.3. Avoid Creating Setuid/Setgid Scripts
6.4. Configure Safely and Use Safe Defaults
6.5. Fail Safe
6.6. Avoid Race Conditions
6.7. Trust Only Trustworthy Channels
6.8. Use Internal Consistency-Checking Code
6.9. Self-limit Resources

7. Carefully Call Out to Other Resources

7.1. Limit Call-outs to Valid Values
7.2. Call Only Interfaces Intended for Programmers
7.3. Check All System Call Returns
7.4. Avoid Using vfork(2)
7.5. Counter Web Bugs When Retrieving Embedded Content

8. Send Information Back Judiciously

8.1. Minimize Feedback
8.2. Handle Full/Unresponsive Output
8.3. Control Data Formatting

9. Language-Specific Issues

9.1. C/C++
9.2. Perl
9.3. Python
9.4. Shell Scripting Languages (sh and csh Derivatives)
9.5. Ada
9.6. Java
9.7. TCL

10. Special Topics

10.1. Passwords
10.2. Random Numbers
10.3. Specially Protect Secrets (Passwords and Keys) in User Memory
10.4. Cryptographic Algorithms and Protocols
10.5. PAM
10.6. Tools
10.7. Miscellaneous

11. Conclusion

12. Bibliography

B. Acknowledgements

C. About the Documentation License

D. GNU Free Documentation License

E. Endorsements

F. About the Author

List of Tables
4-1. Illegal UTF-8 initial sequences

		Next
		Introduction