Chapter 9. Language-Specific Issues


Undoubtedly there are all sorts of languages in the world, yet none of them is without meaning.

 1 Corinthians 14:10 (NIV)
Table of Contents
9.1. C/C++
9.2. Perl
9.3. Python
9.4. Shell Scripting Languages (sh and csh Derivatives)
9.5. Ada
9.6. Java

There are many language-specific security issues; the most important ones for several common languages are summarized in the sections that follow.

9.1. C/C++

One of the biggest security problems with C and C++ programs is buffer overflow; see the chapter on buffer overflow for more information. C has the additional weakness of not supporting exceptions, which makes it easy to write programs that ignore critical error situations.

For C or C++ compilations using gcc, use at least the following as compilation flags (which turn on a host of warning messages) and try to eliminate all warnings (note that -O2 is used since some warnings can only be detected by the data flow analysis performed at higher optimization levels):
gcc -Wall -Wpointer-arith -Wstrict-prototypes -O2
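The two C weaknesses named above, unchecked error returns and unbounded buffer writes, are illustrated by the following added example (not code from the HOWTO): a line reader that bounds every write with fgets(), distinguishes "end of input", "I/O error" and "line did not fit" as explicit return codes instead of silently truncating, and a driver that feeds it a constructed sample. It compiles cleanly under the flags listed above; the enum names and the scan_lines() helper are my own.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* C has no exceptions: every failure must be a return value the caller checks. */
enum line_status { LINE_OK = 0, LINE_EOF = 1, LINE_TOO_LONG = 2, LINE_IO_ERROR = 3 };

/* Read one line from fp into buf (capacity cap). fgets() never writes past
 * buf[cap-1]; an over-long line is reported rather than silently cut, and its
 * remainder is drained so the next call starts on a fresh line. */
enum line_status read_line_checked(FILE *fp, char *buf, size_t cap)
{
    if (cap == 0 || cap > INT_MAX) return LINE_TOO_LONG;   /* fgets takes an int */
    if (fgets(buf, (int)cap, fp) == NULL) {
        buf[0] = '\0';
        return ferror(fp) ? LINE_IO_ERROR : LINE_EOF;
    }
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return LINE_OK; }
    int c = fgetc(fp);                    /* no newline: final line, or too long? */
    if (c == EOF) return ferror(fp) ? LINE_IO_ERROR : LINE_OK;
    while (c != EOF && c != '\n') c = fgetc(fp);
    return LINE_TOO_LONG;
}

/* Run constructed text through the reader with a cap-byte buffer and tally
 * each call's status in counts[] (indexed by enum line_status). Returns the
 * number of calls made, or -1 if the scratch file could not be created. */
int scan_lines(const char *text, size_t cap, int counts[4])
{
    char buf[64];
    if (cap > sizeof buf) cap = sizeof buf;
    FILE *fp = tmpfile();                 /* ISO C scratch file, removed on close */
    if (fp == NULL) return -1;
    fputs(text, fp);
    rewind(fp);
    memset(counts, 0, 4 * sizeof counts[0]);
    int calls = 0;
    for (;;) {
        enum line_status st = read_line_checked(fp, buf, cap);
        counts[st]++;
        calls++;
        if (st == LINE_EOF || st == LINE_IO_ERROR) break;
    }
    fclose(fp);
    return calls;
}

int main(void)
{
    int counts[4];   /* constructed input: the second line does not fit in 16 bytes */
    int calls = scan_lines("short\nthis line is far too long for the buffer\nlast", 16, counts);
    printf("calls=%d ok=%d too_long=%d eof=%d\n", calls, counts[LINE_OK],
           counts[LINE_TOO_LONG], counts[LINE_EOF]);
    return 0;
}
```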

You may find some auditing tools helpful for finding potential security flaws. Here are a few: