Secure Programming for Linux HOWTO Secure Programming for Linux HOWTO Table of Contents Secure Programming for Linux HOWTO........................................................................................................1 David A. Wheeler, dwheeler@dwheeler.com.........................................................................................1 1.Introduction...........................................................................................................................................1 2.Background...........................................................................................................................................1 3.Summary of Linux Security Features...................................................................................................1 4.Validate All Input.................................................................................................................................1 5.Avoid Buffer Overflow.........................................................................................................................2 6.Structure Program Internals and Approach...........................................................................................2 7.Carefully Call Out to Other Resources.................................................................................................2 8.Send Information Back Judiciously......................................................................................................2 9.Special Topics.......................................................................................................................................2 10.Conclusions.........................................................................................................................................3 11.References...........................................................................................................................................3 12.Document License..............................................................................................................................3 1. Introduction..........................................................................................................................................3 10. Conclusions........................................................................................................................................4 11. References..........................................................................................................................................4 12. Document License.............................................................................................................................7 2. Background..........................................................................................................................................8 2.1 Linux and Open Source Software......................................................................................................8 2.2 Security Principles.............................................................................................................................9 2.3 Types of Secure Programs.................................................................................................................9 2.4 Paranoia is a Virtue..........................................................................................................................10 2.5 Sources of Design and Implementation Guidelines.........................................................................10 2.6 Document Conventions....................................................................................................................11 3. Summary of Linux Security Features................................................................................................12 3.1 Processes..........................................................................................................................................12 Process Attributes.....................................................................................................................12 POSIX Capabilities...................................................................................................................13 Process Creation and Manipulation..........................................................................................13 3.2 Filesystem........................................................................................................................................14 Filesystem Object Attributes....................................................................................................14 Creation Time Initial Values.....................................................................................................15 Changing Access Control Attributes........................................................................................15 Using Access Control Attributes..............................................................................................15 Filesystem Hierarchy................................................................................................................15 3.3 System V IPC...................................................................................................................................16 3.4 Sockets and Network Connections..................................................................................................16 3.5 Quotas and Limits............................................................................................................................16 3.6 Audit................................................................................................................................................17 3.7 PAM.................................................................................................................................................17 4. Validate All Input..............................................................................................................................17 4.1 Command line..................................................................................................................................18 4.2 Environment Variables....................................................................................................................18 4.3 File Descriptors................................................................................................................................18 4.4 File Contents....................................................................................................................................19 4.5 CGI Inputs........................................................................................................................................19 i Secure Programming for Linux HOWTO Table of Contents 4.6 Other Inputs.....................................................................................................................................19 4.7 Limit Valid Input Time and Load Level..........................................................................................19 5. Avoid Buffer Overflow......................................................................................................................20 5.1 Dangers in C/C++............................................................................................................................20 5.2 Library Solutions in C/C++.............................................................................................................20 5.3 Compilation Solutions in C/C++.....................................................................................................21 5.4 Other Languages..............................................................................................................................22 6. Structure Program Internals and Approach........................................................................................22 6.1 Secure the Interface..........................................................................................................................22 6.2 Minimize Permissions......................................................................................................................22 6.3 Use Safe Defaults.............................................................................................................................24 6.4 Fail Open..........................................................................................................................................24 6.5 Avoid Race Conditions....................................................................................................................24 6.6 Trust Only Trustworthy Channels...................................................................................................24 6.7 Use Internal Consistency−Checking Code......................................................................................25 6.8 Self−limit Resources........................................................................................................................25 7. Carefully Call Out to Other Resources..............................................................................................26 7.1 Limit Call−outs to Valid Values......................................................................................................26 7.2 Check All System Call Returns.......................................................................................................26