<< Back to man.ChinaUnix.net

Chapter 7. Structure Program Internals and Approach

 

Like a city whose walls are broken down is a man who lacks self-control.

 Proverbs 25:28 (NIV)
Table of Contents
7.1. Follow Good Software Engineering Principles for Secure Programs
7.2. Secure the Interface
7.3. Separate Data and Control
7.4. Minimize Privileges
7.4.1. Minimize the Privileges Granted
7.4.2. Minimize the Time the Privilege Can Be Used
7.4.3. Minimize the Time the Privilege is Active
7.4.4. Minimize the Modules Granted the Privilege
7.4.5. Consider Using FSUID To Limit Privileges
7.4.6. Consider Using Chroot to Minimize Available Files
7.4.7. Consider Minimizing the Accessible Data
7.4.8. Consider Minimizing the Resources Available
7.5. Minimize the Functionality of a Component
7.6. Avoid Creating Setuid/Setgid Scripts
7.7. Configure Safely and Use Safe Defaults
7.8. Load Initialization Values Safely
7.9. Fail Safe
7.10. Avoid Race Conditions
7.10.1. Sequencing (Non-Atomic) Problems
7.10.1.1. Atomic Actions in the Filesystem
7.10.1.2. Temporary Files
7.10.2. Locking
7.10.2.1. Using Files as Locks
7.10.2.2. Other Approaches to Locking
7.11. Trust Only Trustworthy Channels
7.12. Set up a Trusted Path
7.13. Use Internal Consistency-Checking Code
7.14. Self-limit Resources
7.15. Prevent Cross-Site (XSS) Malicious Content
7.15.1. Explanation of the Problem
7.15.2. Solutions to Cross-Site Malicious Content
7.15.2.1. Identifying Special Characters
7.15.2.2. Filtering
7.15.2.3. Encoding (Quoting)
7.16. Foil Semantic Attacks
7.17. Be Careful with Data Types