[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DotGNU]Secure Programming

From: Norbert Bollow
Subject: [DotGNU]Secure Programming
Date: Wed, 1 Jan 2003 20:58:15 +0100 (CET)

Here's something that I recommend for reading up on the security
stuff.  DotGNU needs to be better than our proprietary competitors.
This e-book is a great resource (even though he unfortunately writes
"Linux" where he means GNU/Linux) and licensed under GNU Free
Documentation License.  I think it would be a good idea to include a
copy with the planned "DotGNU package".

Greetings, Norbert.

------- Start of forwarded message -------
Mailing-List: contact address@hidden; run by ezmlm
Date: Mon, 30 Dec 2002 15:17:38 -0500
From: David Wheeler <address@hidden>
X-Accept-Language: en-us
To: address@hidden
Subject: Updated "Secure Programming for Linux and Unix HOWTO" now available.
X-UIDL: d4a8fc4f81150bafa45651a62cd6740e

The latest version of my book, "Secure Programming for Linux and Unix HOWTO",
is now available!  You can freely download it in a variety of formats at:

This book provides a set of design and implementation guidelines for writing 
secure programs for Linux and Unix systems. Such programs include application 
programs used as viewers of remote data, web applications (including CGI 
scripts), network servers, and setuid/setgid programs. This document includes 
specific guidance for a number of languages, including C, C++, Java, Perl, 
Python, and Ada95.

This is version 3.005, dated 30 December 2002.
Compared to version 3.000, this version adds new text on handling tmp files
where there are tmp cleaners running (true on most real systems -
this causes particular problems with mktemp(1)),
notes on avoiding buffer overflow in FD_SET/FD_CLR(), and
a long discussion on a new attack against web-based systems:
session fixation.  I also added text about protecting secrets in memory.

Enjoy, and happy new year.

- --- David A. Wheeler
------- End of forwarded message -------

Founder & Steering Committee member of
Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland)
Tel +41 1 972 20 59        Fax +41 1 972 20 69

reply via email to

[Prev in Thread] Current Thread [Next in Thread]