Re: Coding securely, was Linux (in)security

[Brett Hutley <brett () hutley net>]

Steve Wray wrote:

*snip*
> I think that most programmers approach programming, mentally if not
> practically, from the silicon upwards. They are not thinking so much 
> about the logical structure of their programs, but of the effect of 
> the program on the hardware that it runs on; they are viewing the
> program/computer something like a 'clockwork' machine and they are
> arranging the cogs and gears and things. This is just me guessing,
> I can't see inside other peoples heads. The approach I saw in 
> functional languages was a linguistic approach; the program is
> a set of sentences in a formal language and one can use the tried
> and tested methods of algebra and formal logic to reason about a
> program and (importantly) to *calculate* program components from 
> specifications.

These days I try and create programmatic constructs to match the 
linguistic way I think about the problem in my head. With OO-style 
languages like C++ or Java, some linguistic constructs come out as 
objects, others as methods.

At some point in most programs you need to deal with messy stuff like 
GUI's/user input or file parsing, etc. Then the bug of programming 
smacks into the windscreen of dealing with the hardware/software 
environment and you need to cope with all kinds of messy API's and error 
conditions. The next thing you know, the users have redefined their 
requirements, and all your nice programming abstractions are now 
completely obsolete *sigh*. That's one of the benefits of design 
patterns - they're a good source of abstractions that are flexible and 
long-lived.

I don't necessarily think that secure programming is *hard*, but it does 
take quite a bit of knowledge. Buffer overflows are only one issue 
against the larger backdrop of input validation. Having a good 
understanding of crypto is becoming more and more important... and with 
it being able to use a library like openssl. There's priviledge 
seperation, and temporary file issues. There's SSPI on Windows and 
Kerberos on Unix.... the list goes on and on. Fortunately there are some 
good books that have come out in the last few years that provide a good 
overview of sources of vulnerabilities and techniques for dealing with 
them. I quite like "Secure Programming Cookbook for C and C++" by Matt 
Messier and John Viega. These guys have started a website at 
http://www.secureprogramming.com/ .

Cheers, Brett
--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:brett () hutley net
http://hutley.net/brett


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html