The underlying security model of the Unix operating system is brittle. The Unix security model (a privileged kernel, user processes, and a superuser who can perform any system management function) is certainly a workable framework. But it is a framework in which even minor bugs or implementation errors can be subverted by an attacker to gain system-wide control.
Most security flaws in Unix arise from bugs and design errors in programs that run as root or with other privileges, from SUID programs or network servers that are incorrectly configured, and from unanticipated interactions among such programs.
It is exceptionally important to use secure programming techniques when writing software that is used in a network server. By definition, servers receive connections and data from unknown and possibly hostile hosts on a network. Attackers are frequently able to use bugs in these programs as a point of entry into otherwise secure systems.
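A concrete illustration of the point above, added here as an example and not taken from the book or any particular server: the routine a C network server calls at start-up to give up root permanently, showing why the order of the calls matters and how to verify that the drop actually took effect rather than merely changing the effective uid. The account name "nobody" and the 65534 fallback are assumptions chosen for this example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Resolve an unprivileged account to run as.  Falls back to the conventional
 * "nobody" ids (65534) when the account is absent; both the name and the
 * fallback are assumptions made for this example. */
void unprivileged_target(const char *account, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(account);
    if (pw != NULL && pw->pw_uid != 0) {
        *uid = pw->pw_uid;
        *gid = pw->pw_gid;
    } else {
        *uid = (uid_t)65534;
        *gid = (gid_t)65534;
    }
}

/* Permanently give up root and become uid/gid.  Order matters: the
 * supplementary group list and the gid can only be changed while still root,
 * so they go first; setuid() comes last.  Returns 0 on success, -1 on any
 * failure.  On success the drop is verified: the ids read back as requested,
 * and (for a non-root target) root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Inherited supplementary groups would survive setuid(); clear them. */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Check that the drop is irreversible.  setuid() called as root sets the
     * real, effective and saved ids, so a later setuid(0) must now fail; if it
     * succeeds, only the effective id was changed and the drop is a no-op. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Typical server start-up: bind the privileged port (not shown here), then
 * drop root before reading any network input. */
int main(void)
{
    uid_t uid;
    gid_t gid;

    if (geteuid() == 0) {
        unprivileged_target("nobody", &uid, &gid);
    } else {
        /* Already unprivileged: re-asserting our own ids still runs the checks. */
        uid = getuid();
        gid = getgid();
    }
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid %ld gid %ld\n", (long)geteuid(), (long)getegid());
    return 0;
}
```

The final setuid(0) probe is the check most servers omit: a program that only called seteuid(), or that called setuid() in the wrong order, still passes a naive getuid() comparison but can silently become root again later, which is exactly the kind of minor implementation error an attacker turns into system-wide control.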
This chapter contains a collection of secure programming techniques that we have developed for use on Unix systems. Much of the emphasis is on writing secure servers using the C programming language. However, most of the concepts apply to any other language, including C++ and Java. If you are writing a web-based application, you may wish to review Chapter 16, Securing Web Applications, of our book Web Security, Privacy and Commerce (O'Reilly). That chapter discusses many additional issues that come into play when developing web-based servers and application programs. That chapter also discusses many issues that arise when using scripting languages. Some other useful references are noted in Appendix C.
The Seven Design Principles of Computer Security

In 1975, Jerome Saltzer and M. D. Schroeder described seven criteria for building secure computing systems.[1] These criteria are still noteworthy today. They are:
Use these principles when you design and implement your own computer software.
[1] Saltzer, J. H. and Schroeder, M. D., "The Protection of Information in Computer Systems," Proceedings of the IEEE, September 1975. As reported in Denning, Dorothy, Cryptography and Data Security (Addison-Wesley).