> From: matt @ AU (Jas (Matthew K))
> Subject: Re: Secure Programming Techniques
> C in and of itself is neither secure nor insecure. What makes "C
> programming" (in)secure is a combination of the OS you are running and the
> libraries you use to do things within that OS.
Matt, this certainly wasn't very helpful; if there weren't insecure C programming
techniques, how happy we would all be :) What about avoiding the use of
system and popen in setuid applications (or at least making sure you push
an intelligent PATH and IFS into the environment first)? If you have to
use system or popen and the string you use is derived from user input, how
about scanning for the first ';' and replacing it with '\0'? What about making
sure that you guard against fixed-size buffers being overwritten by user input?
I could go on and on.
I'd also be curious about whether anyone's collected all these wisdoms in
one place. If you know of good C/C++ programming techniques for a secure
environment (which would also be the things to look for in evaluating
software to live on your firewall), please send them to me; I'll summarize
and make sure that the information is available somewhere. Perhaps the
greatcircle.com ftp site would be an appropriate place.
These opinions are mine, and not Amdahl's (except by coincidence;).
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
/ | | (\ \
| Patrick J. Horgan | Amdahl Corporation | \\ Have |
| patrick @ com | 1250 East Arques Avenue | \\ _ Sword |
| Phone : (408)992-2779 | P.O. Box 3470 M/S 316 | \\/ Will |
| FAX : (408)773-0833 | Sunnyvale, CA 94088-3470 | _/\\ Travel |
\ | O16-2294 | \) /
~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
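The three practices Patrick lists above (a known-good PATH and IFS before system()/popen(), cutting a user-derived string at the first ';', and never letting user input overrun a fixed-size buffer), written out as small C helpers. This is an added example, not code from the original post or from any project on this list; the function names are my own, and the allowlist check in is_shell_safe() goes beyond the post by rejecting the other shell metacharacters a ';' filter alone would miss. The sample inputs in main() are constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv() and fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. Push a known-good PATH and IFS into the environment before any
 *    system()/popen() call, so a setuid program never runs a shell with
 *    the caller's search path or field separators. Returns 0 on success. */
int set_safe_environment(void)
{
    if (setenv("PATH", "/bin:/usr/bin", 1) != 0) return -1;
    if (setenv("IFS", " \t\n", 1) != 0) return -1;
    return 0;
}

/* 2a. The post's technique: cut a user-derived string at the first ';'
 *     so a second command cannot be chained on. Copies at most dstsz-1
 *     bytes and always NUL-terminates. Returns the length written. */
size_t truncate_at_semicolon(char *dst, size_t dstsz, const char *src)
{
    size_t i;
    if (dstsz == 0) return 0;
    for (i = 0; i + 1 < dstsz && src[i] != '\0' && src[i] != ';'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return i;
}

/* 2b. Stricter (my extension, beyond what the post says): accept the
 *     argument only if every byte is in an allowlist, because the shell
 *     also interprets '|', '&', '`', '$', newline and more. Returns 1 if
 *     the string is safe to place on a command line. */
int is_shell_safe(const char *s)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/";
    if (*s == '\0' || *s == '-') return 0;   /* empty, or looks like an option */
    for (; *s != '\0'; s++)
        if (strchr(allowed, *s) == NULL) return 0;
    return 1;
}

/* 3. Read one line of user input into a fixed-size buffer without ever
 *    writing past it: fgets() instead of gets()/scanf("%s"). Whatever does
 *    not fit is drained and discarded so it cannot bleed into the next
 *    read. Returns 1 if a line was read, 0 at EOF. */
int read_line_bounded(char *buf, size_t bufsz, FILE *fp)
{
    size_t n;
    int c;
    if (fgets(buf, (int)bufsz, fp) == NULL) return 0;
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n')
        buf[n - 1] = '\0';
    else
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;   /* overlong line: discard the remainder */
    return 1;
}

int main(void)
{
    /* constructed sample inputs */
    const char *untrusted = "report.txt; id";
    static const char sample[] = "this line is much longer than sixteen bytes\n";
    char cmd[64], line[16];
    FILE *fp = fmemopen((void *)sample, sizeof sample - 1, "r");

    set_safe_environment();
    truncate_at_semicolon(cmd, sizeof cmd, untrusted);
    printf("truncated: \"%s\"  allowlist ok: %d\n", cmd, is_shell_safe(cmd));
    if (fp != NULL && read_line_bounded(line, sizeof line, fp))
        printf("bounded read: \"%s\"\n", line);
    if (fp != NULL) fclose(fp);
    return 0;
}
```

The ';' truncation is kept because it is what the post proposes, but on its own it only stops one chaining operator; the allowlist is the check to actually gate a system()/popen() argument on, and where the program controls the command anyway, execve() with a fixed argv avoids the shell entirely.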