The latest article in my "Secure Programmer" series is now available! This
series is a developerWorks series on how to develop
secure programs for Linux/Unix.

Article #7 is Secure programmer: Call Components Safely.
The posted date is 16 December 2004, but it's only been
available since around 23 December 2004.
You can view it via:
 http://www-106.ibm.com/developerworks/linux/library/l-calls.html

Here's the abstract:
Application programs typically make calls to other components, such as the
underlying operating system, database systems, reusable libraries, Internet
services (like DNS), Web services, and so on. This article explains how to
prevent attackers from exploiting those calls to other components by discussing
the use of only secure components, passing only valid data, making sure the data
will be correctly interpreted, checking return values and exceptions, and
protecting data as it flows between applications and components.

Most of the people on this list will already know this
kind of info. But if you know developers who need this info,
here's an easy place to direct them.

(I'm posting this to both [email protected] and
[email protected] since I think it's relevant to
both groups.)

--- David A. Wheeler


