Secure Programming for Linux and Unix HOWTO

David A. Wheeler

This paper provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, CGI scripts, network servers, and setuid/setgid programs. Specific guidance for C, C++, Java, Perl, Python, and Ada95 is included.


Table of Contents
1. Introduction
2. Background
2.1. History of Unix, Linux, and Open Source Software
2.2. Security Principles
2.3. Types of Secure Programs
2.4. Paranoia is a Virtue
2.5. Why Did I Write This Document?
2.6. Sources of Design and Implementation Guidelines
2.7. Document Conventions
3. Summary of Linux and Unix Security Features
3.1. Processes
3.2. Files
3.3. System V IPC
3.4. Sockets and Network Connections
3.5. Signals
3.6. Quotas and Limits
3.7. Dynamically Linked Libraries
3.8. Audit
3.9. PAM
4. Validate All Input
4.1. Command line
4.2. Environment Variables
4.3. File Descriptors
4.4. File Contents
4.5. CGI Inputs
4.6. Other Inputs
4.7. Character Encoding
4.8. Limit Valid Input Time and Load Level
5. Avoid Buffer Overflow
5.1. Dangers in C/C++
5.2. Library Solutions in C/C++
5.3. Compilation Solutions in C/C++
5.4. Other Languages
6. Structure Program Internals and Approach
6.1. Secure the Interface
6.2. Minimize Privileges
6.3. Avoid Creating Setuid/Setgid Scripts
6.4. Configure Safely and Use Safe Defaults
6.5. Fail Safe
6.6. Avoid Race Conditions
6.7. Trust Only Trustworthy Channels
6.8. Use Internal Consistency-Checking Code
6.9. Self-limit Resources
7. Carefully Call Out to Other Resources
7.1. Limit Call-outs to Valid Values
7.2. Check All System Call Returns
8. Send Information Back Judiciously
8.1. Minimize Feedback
8.2. Handle Full/Unresponsive Output
9. Language-Specific Issues
9.1. C/C++
9.2. Perl
9.3. Python
9.4. Shell Scripting Languages (sh and csh Derivatives)
9.5. Ada
9.6. Java
10. Special Topics
10.1. Passwords
10.2. Random Numbers
10.3. Cryptographic Algorithms and Protocols
10.4. PAM
10.5. Miscellaneous
11. Conclusion
12. Bibliography
A. History
B. Acknowledgements
C. About the Documentation License
D. GNU Free Documentation License
E. Endorsements
F. About the Author