Overview:
This paper describes a set of guidelines for writing secure programs on Linux and Unix systems. For purposes of this paper, a "secure program" is a program that sits on a security boundary, taking input from a source that does not have the same access rights as the program. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This paper does not address modifying the operating system kernel itself, although many of the principles discussed here do apply. These guidelines were developed as a survey of "lessons learned" from various sources on how to create such programs (along with additional observations by the author), reorganized into a set of larger principles. This paper includes specific guidance for a number of languages, including C, C++, Java, Perl, PHP, Python, Tcl, and Ada95.
| Format: | |
| Size: | 674 KB |
| Date: | Mar 2003 |
| Pages: | 168 |








