Download Secure Programming for Linux and UNIX HOWTO by Wheeler PDF

By Wheeler

Show description

Read or Download Secure Programming for Linux and UNIX HOWTO PDF

Best operating systems books

Alan Simpson's Windows XP Reloaded Bible

What the e-book covers: specializes in home windows XP performance, this Bible covers the fundamentals (e. g. , navigating your laptop) in addition to tips to use the preferred web positive factors, customise the paintings setting, continue and tweak the method, and use common innovations for operating with textual content, numbers, and photos.

Mac OS X

Bei Mac OS X handelt es sich um das jüngste Betriebssystem von Apple desktop. Es unterscheidet sich vom Vorgänger Mac OS nine nicht nur durch eine Vielzahl von neuen Funktionen und durch die neue Benutzeroberfläche Aqua, sondern vor allen Dingen durch die Nutzung von Mach und BSD als foundation für seine Implementierung.

Additional resources for Secure Programming for Linux and UNIX HOWTO

Sample text

There are several interesting security implications of Unix domain sockets. First, although Unix domain sockets can appear in the filesystem and can have stat(2) applied to them, you can't use open(2) to open them (you have to use the socket(2) and friends interface). Second, Unix domain sockets can be used to pass file descriptors between processes (not just the file's contents). This odd capability, not available in any other IPC mechanism, has been used to hack all sorts of schemes (the descriptors can basically be used as a limited version of the ``capability'' in the computer science sense of the term).

For example, if you're trying to limit disk usage, allowing such operations would allow users to claim that large files actually belonged to some other ``victim''. 4. Using Access Control Attributes Under Linux and most Unix−like systems, reading and writing attribute values are only checked when the file is opened; they are not re−checked on every read or write. Still, a large number of calls do check these attributes, since the filesystem is so central to Unix−like systems. Calls that check these attributes include open(2), creat(2), link(2), unlink(2), rename(2), mknod(2), symlink(2), and socket(2).

Other Unix−like systems handle the situation differently but for the same reason: a setuid/setgid program should not be unduly affected by the environment variables set. Note that graphical user interface toolkits generally do permit user control over dynamically linked libraries, because executables that directly invoke graphical user inteface toolkits should never, ever, be setuid (or have other special privileges) at all. 4. For Linux systems, you can get more information from my document, the Program Library HOWTO.

Download PDF sample

Rated 4.96 of 5 – based on 30 votes