Secure programmer: Keep an eye on inputs
Conclusions & Resources
Secure programs must check every untrusted input channel, and doing so can eliminate a lot of problems. But that's not enough. Sometimes, even just reading data can be a security vulnerability -- before the data is even checked! And processing the data can cause the program to fail in horrific ways. We're talking about the #1 security vulnerability today -- the buffer overflow. My next installment will discuss what this vulnerability is, how to counter it, and why there's hope that this will become less of a problem in the future.
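As an added illustration of the point above (example code, not from the article), a bounded line reader in C that rejects an over-long line instead of overflowing the buffer or silently truncating it, followed by the check that only runs once the read itself is safe; the helper names are assumptions:

```c
/* Added example, not the article's code; helper names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum read_status { READ_OK, READ_EOF, READ_TOO_LONG };

/* fgets() never overflows buf, but on an over-long line it stops early and
 * leaves the remainder in the stream, where the next read would take it as
 * fresh input.  Such a line is rejected here and its remainder drained. */
enum read_status read_bounded_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return READ_EOF;
    size_t len = strlen(buf);            /* NUL bytes in input cut it short */
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* complete line: strip newline */
        return READ_OK;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')           /* line filled buf exactly */
        return READ_OK;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                                /* drain the rest of the line */
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* The check that follows the read: only a short run of decimal digits is
 * accepted, so a quantity or price field cannot carry a sign or text. */
int is_small_decimal(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 6)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Stand-alone use: classify each line of standard input. */
int main(void)
{
    char buf[8];                         /* deliberately small for the demo */
    enum read_status st;
    while ((st = read_bounded_line(stdin, buf, sizeof buf)) != READ_EOF)
        puts(st == READ_OK && is_small_decimal(buf) ? "accepted" : "rejected");
    return 0;
}
```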
- Read all of the installments in David's Secure programmer column. "Developing secure programs" covers terminology and other basics, and "Validating input" discusses checking various data types.
- David's book Secure Programming for Linux and Unix HOWTO
(Wheeler, March 2003) gives a detailed account of how to develop secure
software. Chapter 7 discusses setuid and limiting privileges in detail.
- "SAP R/3 Web Application Server Demo for Linux: root exploit"
by Jochen Hein (Bugtraq, 29 April 2001) discusses the SAP
vulnerability. This vulnerability is Bugtraq id 2662 and CVE
vulnerability CVE-2001-0366. Run
chmod u-s as a workaround to disable it.
- "VIM statusline Text-Embedded Command Execution Vulnerability"
(Bugtraq, 26 March 2001), Bugtraq id 2510, discusses the vim
vulnerability. This vulnerability is CVE vulnerability CVE-2001-0408
and was originally revealed as Red Hat RHSA-2001:008-04. You can
disable it by turning off the
stl option in .vimrc.
- "Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability"
(Bugtraq, 1 Feb 2000), Bugtraq id 1237, discusses why blindly accepting
product price values from users is a bad idea and the large number of
Web applications with this error.
- "Well Known Flaw in Web Cart Software Remains Wide Open"
by Beyond-Security's SecuriTeam.com notes that not only do some
shopping carts fail to check product prices, some check product prices
but not shipping prices (so negative shipping prices give an
- David's article "Program Library HOWTO" (Wheeler, 11 April 2003) discusses how libraries (including shared libraries) are handled in GNU/Linux.
- "Why GTK_MODULES is not a security hole"
by Owen Taylor (GTK.org, 2 January 2000) explains why "writing setuid
and setgid programs using GTK+ is bad idea and will never be supported
by the GTK+ team," and notes that current versions of GTK+ will not run
setuid at all.
- Adam Shostack has posted a copy of the setuid(7) man page.
- A copy of the environ(5) man page is posted at Princeton's Computer Science department.
- Some nice discussion is included in the classic Practical Unix & Internet Security, 3rd Edition by Simson Garfinkel, Gene Spafford, and Alan Schwartz (O'Reilly & Associates, 2003). Chapter 11 discusses the
- Cameron Laird discusses server security in "Server clinic: Practical Linux security" on developerWorks.
- Gary McGraw and John Viega offer 10 points to keep in mind when building a secure system in the "Software security principles" series on developerWorks. In "Building secure software: Selecting technologies," Gary and John explore common choices faced by designers and programmers.
- Read more about Linux in the IBM developerWorks Linux section.
- IBM Research Security group has a number of security-related projects, including Internet security, Java security, cryptography, and data hiding.
- The IBM white paper "Secure Internet Applications on the AS/400 system" primarily discusses the Secure Sockets Layer (SSL) protocol.
- The AS/400 Security pages on Internet Security are a good starting point for learning more about network security.
First published by IBM developerWorks