s i s t e m a o p e r a c i o n a l
m a g n u x l i n u x
~/
·
documentação
·
suporte
·
sobre
Secure Programming for Linux and Unix HOWTO
Prev
Next
Chapter 6. Structure Program Internals and Approach
Like a city whose walls are broken down is a man who lacks self-control.
Proverbs 25:28 (NIV)
Table of Contents
6.1.
Follow Good Software Engineering Principles for Secure Programs
6.2.
Secure the Interface
6.3.
Minimize Privileges
6.3.1.
Minimize the Privileges Granted
6.3.2.
Minimize the Time the Privilege Can Be Used
6.3.3.
Minimize the Time the Privilege is Active
6.3.4.
Minimize the Modules Granted the Privilege
6.3.5.
Consider Using FSUID To Limit Privileges
6.3.6.
Consider Using Chroot to Minimize Available Files
6.3.7.
Consider Minimizing the Accessible Data
6.3.8.
Consider Minimizing the Resources Available
6.4.
Avoid Creating Setuid/Setgid Scripts
6.5.
Configure Safely and Use Safe Defaults
6.6.
Load Initialization Values Safely
6.7.
Fail Safe
6.8.
Avoid Race Conditions
6.8.1.
Sequencing (Non-Atomic) Problems
6.8.1.1.
Atomic Actions in the Filesystem
6.8.1.2.
Temporary Files
6.8.2.
Locking
6.8.2.1.
Using Files as Locks
6.8.2.2.
Other Approaches to Locking
6.9.
Trust Only Trustworthy Channels
6.10.
Set up a Trusted Path
6.11.
Use Internal Consistency-Checking Code
6.12.
Self-limit Resources
6.13.
Prevent Cross-Site Malicious Content
6.13.1.
Explanation of the Problem
6.13.2.
Solutions to Cross-Site Malicious Content
6.13.2.1.
Identifying Special Characters
6.13.2.2.
Filtering
6.13.2.3.
Encoding
6.14.
Be Careful with Data Types
Prev
Home
Next
Other Languages
Follow Good Software Engineering Principles for Secure Programs
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. .. .. ... ... ... ... ... ... ... ... .................................................
Todas a marcas e direitos autorais desta página são de propriedade de seus autores e/ou detentores de direitos.
Copyright © 1998-2003 Flávio Veloso. Todos os direitos reservados. All rights reserved.
Linux é marca registrada de Linus Torvalds. Magnux Linux é marca registrada de Flávio Veloso.