Secure UNIX Programming FAQ
http://www.whitefang.com/sup/secure-faq.html
Introduction
This FAQ answers questions about secure programming in the UNIX environment. It is a guide for programmers and not administrators. Keep this in mind because I do not tackle any administrative issues. Try to read it as a guide if possible. I'm sorry it sounds like a bad day on Jeopardy.
At the risk of sounding too philosophical, this FAQ is also a call to arms. Over almost the last decade, a good six years, a movement took place where security advisories would hit mailing lists and other forums at astonishing speed. I think the veterans are all too familiar with the repetitive nature of these security advisories, and the small amount of literature that has been published to help avoid insecure programming. This text is a condensation of this movement and a contribution made to it, placed in a technical context to better serve the UNIX security community. As the Usenet phrase goes: "Hope this helps."
A Structured Approach to Classifying Security Vulnerabilities
http://www.sei.cmu.edu/publicati ... 5tn003/05tn003.html
Historically, vulnerabilities have been classified into broad categories such as buffer overflows, format string vulnerabilities, and integer type range errors (including integer overflows). These broad categories have two major failings, however. First, it is not always possible to assign a vulnerability to a single category. Second, the distinctions are too general to be useful in any detailed engineering analysis.
For example, the following function:
#include <stdbool.h>
#include <string.h>

/* Deliberately vulnerable, as discussed in the note: the lengths are signed,
 * so a negative len1 or len2 passes the range check below. */
bool func(char *s1, int len1,
          char *s2, int len2) {
    char buf[128];
    /* Signed arithmetic: a negative length makes the sum small enough to pass. */
    if (1 + len1 + len2 > 128) return false;
    if (buf) {                    /* always true; buf decays to a non-null pointer */
        strncpy(buf, s1, len1);   /* int lengths are converted to size_t here */
        strncat(buf, s2, len2);   /* a negative len2 becomes a huge size_t */
    }
    return true;
}
contains a vulnerability in that len1 or len2 could be a negative number, allowing the length check to be bypassed but still causing a buffer overflow in the strncpy() or strncat() functions. Is this an integer range value vulnerability because the integer range check was bypassed, or is this simply a buffer overflow? Either categorization would be a disservice to understanding the issues.
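As an added example (not code from the SEI note), the C below isolates the signed length check from func() to show how negative lengths slip past it, and gives a hardened variant, func_safe, that takes size_t lengths and an explicit output size; the function names, buffer size and sample inputs are assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Mirrors only the note's length check. With len1 = -1000 and len2 = 900 the
 * signed sum is -99, so "1 + len1 + len2 > 128" is false and the check passes,
 * even though strncat() would then be asked to copy up to 900 bytes into a
 * 128-byte buffer (after strncpy() received -1000 converted to a huge size_t). */
bool check_passes_signed(int len1, int len2) {
    return !(1 + len1 + len2 > 128);
}

/* Hardened variant (assumed design, not from the note): unsigned lengths,
 * caller-supplied output size, and comparisons ordered so that no subtraction
 * can wrap. Copies exactly len1 + len2 bytes and NUL-terminates. */
bool func_safe(char *out, size_t outlen,
               const char *s1, size_t len1,
               const char *s2, size_t len2) {
    if (out == NULL || outlen == 0) return false;
    if (len1 > outlen - 1) return false;          /* reserve one byte for NUL */
    if (len2 > outlen - 1 - len1) return false;   /* cannot underflow: len1 <= outlen-1 */
    memcpy(out, s1, len1);
    memcpy(out + len1, s2, len2);
    out[len1 + len2] = '\0';
    return true;
}
```

A value such as -1000 passed as size_t becomes SIZE_MAX - 999, which the first comparison rejects, so the bypass the note describes is no longer possible.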
Understanding vulnerabilities is critical to understanding the threats they represent. Classification of vulnerabilities allows collection of frequency data and trend analysis of vulnerabilities but has not been regularly or consistently applied. Better and more comprehensive classification of vulnerabilities can lead to better correlation with incidents, exploits, and artifacts and can be used to determine the effectiveness of countermeasures. Understanding the characteristics of vulnerabilities and exploits is also essential to the development of a predictive model that can predict threats with a high correlation and significance.