Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!pacbell!att-ih!ihnp4!ihlpf!dwm
From: dwm@ihlpf.ATT.COM (Meeks)
Newsgroups: comp.unix.wizards
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <3972@ihlpf.ATT.COM>
Date: 11 Mar 88 13:45:43 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP>
Organization: AT&T Bell Laboratories - Naperville, Illinois
Lines: 34
Summary: security on the UNIX system

In article <1037@woton.UUCP>, riddle@woton.UUCP (Prentiss Riddle ) writes:
> There's been a recent flurry of discussion in comp.bugs.sys5 about a
> few specific security pitfalls to avoid in writing setuid programs. I
> get the feeling that this is just the tip of the iceberg.
>
> Can anyone point us to a more comprehensive guide to how to write good
> setuid programs? If you've got something on-line, please consider
> posting it; if you know of good book or journal references, please mail
> them to me and I will summarize.
>
> And if nothing of this sort exists, perhaps it's time to write one.
> Thanks.
>
> -- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
> -- Opinions expressed are not necessarily those of my employer.
> -- riddle%woton.uucp@im4u.utexas.edu {ihnp4,uunet}!ut-sally!im4u!woton!riddle
----------------------------------------------------

There are some very good tips on how to code secure code in the book:

        UNIX SYSTEM SECURITY:
        by P. H. Wood and S. G. Kochan

This book is published by: Hayden Books.

In the book are examples of how to write good code that will help
protect suid/sgid programs. It actually includes a set of guidelines
to follow:

First item: do not write them in the first place, there are other ways
to achieve the same effect.

           //-n-\\                 Daniel W. Meeks
    _____---=======---_____        (ihnp4!ihlpf!dwm)
====____\   /.. ..\   /____====
      //  ---\__O__/---  \\        Enterprise... Surrender or we'll
      \_\               /_/        send back your *&^$% tribbles !!