Vulnerability Development mailing list archives

Re: How to Write Secure Code


From: edebill () MAIL PCORDER COM (Erik Debill)
Date: Fri, 10 Mar 2000 13:52:39 -0600


On Fri, Mar 10, 2000 at 10:45:59AM -0800, Adam.Levine () BANKOFAMERICA COM wrote:
In addition to standards for writing secure code, I would be very interested in
hearing about any tools that can be used to audit compliance with these
standards.  If you were going to audit an application where these standards did
not exist, what would you use to sift through millions of lines of code to
identify exposures?

Thank god I never got faced with millions of lines of
code... thousands was enough.

I started with grep.  Looking for instances of "risky" calls, like
strcpy, system, exec.  I found lots and worked backwards from them to
make sure they weren't being called with unchecked data (they were - I
got to have a little "discussion" with the author).

After that it was tracing the dataflow of the program (bunch 'o' CGI
scripts in lousy C++, so at least the dataflow wasn't too complicated)
to make sure every place data came in it was treated right.

That still left the problem that data could come in, be cleaned and
made a safe length but later on be stuffed into a variable that was
too small.

I'm afraid doing anything truly thorough would really come down to
grovelling over the entire source of the application - a full code
audit.  Too bad nobody seems to have time for that (aside from the
incredible efforts going on over at OpenBSD and the Linux Security
Audit Project).

Erik
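The failure mode Erik describes in his last two paragraphs (input checked against one limit at the entry point, then later copied into a smaller buffer) is worth seeing in code, because it is exactly the case a grep for `strcpy` finds but a quick look at the entry-point validation talks you out of. The C below is an added example, not code from the post or from the CGI scripts Erik audited; the buffer sizes (256 and 64), the character whitelist and all function names are assumptions chosen to reproduce the pattern. The unsafe function is shown for contrast and is never called; the hardened version re-checks against the size of the destination it is about to write.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the limit enforced where data enters, and the size of a
 * buffer used further down the dataflow. The gap between them is the bug. */
#define MAX_QUERY 256
#define NAME_LEN  64

/* Entry-point check: length-limit the input and restrict the character set.
 * Returns 0 on success (copy written to out), -1 if the input is rejected. */
static int accept_query(char *out, size_t outsz, const char *raw)
{
    size_t n = strlen(raw);
    if (n >= outsz || n >= MAX_QUERY)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)raw[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return -1;
    }
    memcpy(out, raw, n + 1);
    return 0;
}

/* The pattern the post warns about: 'query' already passed accept_query(),
 * so the author treats it as safe, but name[] is smaller than MAX_QUERY.
 * A 200-byte query passes the door and overflows name[] here.
 * Shown for contrast only; nothing in this example calls it. */
void store_name_unsafe(const char *query)
{
    char name[NAME_LEN];
    strcpy(name, query);   /* the call a grep for risky functions would flag */
    (void)name;
}

/* Hardened: check against the destination's size, not the limit the input
 * was validated against upstream. Returns 0 on success, -1 if it won't fit. */
static int store_name_safe(char *name, size_t namesz, const char *query)
{
    size_t n = strlen(query);
    if (n >= namesz)
        return -1;
    memcpy(name, query, n + 1);
    return 0;
}

/* Does the entry check alone protect the later copy?
 * Returns 1 if the input passes accept_query() but would overflow name[]. */
int entry_check_leaves_gap(const char *raw)
{
    char query[MAX_QUERY];
    if (accept_query(query, sizeof query, raw) != 0)
        return 0;                        /* rejected at the door; never copied */
    return strlen(query) >= NAME_LEN;    /* accepted, but too big for name[] */
}

/* Full hardened pipeline: 0 if accepted and stored, -1 otherwise. */
int handle_request(const char *raw)
{
    char query[MAX_QUERY];
    char name[NAME_LEN];
    if (accept_query(query, sizeof query, raw) != 0)
        return -1;
    return store_name_safe(name, sizeof name, query);
}

/* Helpers that build a constructed input of 'a' repeated len times
 * (len < 512) and run it through the two checks above. */
int gap_for_length(size_t len)
{
    char buf[512];
    if (len >= sizeof buf) return -1;
    memset(buf, 'a', len);
    buf[len] = '\0';
    return entry_check_leaves_gap(buf);
}

int handle_for_length(size_t len)
{
    char buf[512];
    if (len >= sizeof buf) return -1;
    memset(buf, 'a', len);
    buf[len] = '\0';
    return handle_request(buf);
}

int main(void)
{
    size_t lens[] = { 5, 63, 64, 200, 300 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%3zu  gap_after_entry_check=%2d  hardened_result=%2d\n",
               lens[i], gap_for_length(lens[i]), handle_for_length(lens[i]));
    return 0;
}
```

Lengths 64 through 255 are the interesting band: they pass the entry check, so the upstream "it's already been validated" reasoning holds, yet they do not fit in name[]. The fix is not a tighter door but a size check at every copy, keyed to the destination's own size.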
