Secure Programming Cookbook

Contributed by jose on 2003-05-27 from the improve-your-code dept.

O'Reilly has a new book coming this way soon. The Secure Programming Cookbook for C and C++ by John Viega and Matt Messier promises to be a good collection of recipes for fixing up your code and doing useful routines securely. I own a couple of the cookbooks and enjoy their easy to use format. An article, Input Validation in C and C++ , discusses some of the common pitfalls of errors leading to vulnerabilities in your code. The book is due in July.

(Comments are closed)

Comments

By code monkey () on 2003-05-27 15:10

I maintain applications for a software company, and am always on the look-out for ways to program defensively. I know I'm weakest in this regard, but I've yet to find a good reference that I can use while in the thick of code trying to track down a bug.
O'Rielly books have made me very smrt (Homerism intended) over the years. I will definitely check out this title when I see it at my local computer bookstore.
Comments
1. By fansipans () on 2003-05-27 16:42
  
  If you're in the market for a good security engineering book that features code-tidbits to help you at work, i HIGHLY recommend John Viega's other book Building Secure Software . Also, I've found Ross Anderson 's Security Engineering the best book out there on security, it helped me with my programming because it gave me a better understanding of system design as a whole, so that even if you code crappy C it won't tear down the whole system if you've got a spurious strcpy layin' around.
  
  --cheers
  mike
By mpatterson () pattersonmarkANTI@SPAMoptusnet.com.au on 2003-05-28 08:26 mailto:pattersonmarkANTI@SPAMoptusnet.com.au

John Viega admits that it may be advisable to "use a different programming language." The security of OpenBSD comes from the highly disciplined use of a dangerous language. I know it's iconoclastic, but wouldn't it be better to have a language which relieved newbies and less disciplined programmers from the attention load? Theo has said that the way to program securely is to be very familiar with the APIs you're using, perhaps because C's APIs require a high level of familiarity to code even simple stuff safely. Maybe Ada didn't quite fit the bill, and rewriting BSD in a better langauge would be a large undertaking. But we are forever paying tax to the bad decisions of the past.
Comments
1. By jose () on 2003-05-28 10:59 http://monkey.org/~jose/
  
  C is dangerous, you're right. and much of it comes from inconsistent APIs, which is why OpenBSD has done things like introducing easy to use, consistent interfaces: slrlcat(), strlcpy(), arc4random(), etc. this is why it documents usages in the manpages so correctly, it's code you can cut and paste into your own code. this doesn't stop all errors, but it helps. look around for fixes for & vs && errors, va_arg() corrections, etc. everyone makes mistakes.
  
  the option of rewriting all or much of OpenBSD in a language (say, a typesafe language like Cyclone or C#, and hopefully you're not the "rewrite OpenBSD in Java!" guy) is impossible to do reasonably. think about it for a bit. low level material in the kernel will have to be in assembly, and most of the kernel will probably still be in C. so then you start rewriting the userland in this new lanaguage. so you have two sets of libraries, two compilers, etc ... two of everything for some forseeable future. now you have an entirely new codebase ... which probably has more errors than what you started with way back at OpenBSD 2.0.
  
  i'm all for doing it right, and i'm all in favor of people exploring these other lanaguages. i'd love to see some migrations to languages with safer semantics and built-ins, but it's just not a reality. for the time being the best solution is to take what we have any to use it as best we can.
  Comments
  1. By Jeffrey () on 2003-05-29 01:33
    
    I agree.
    I like the message you posted to ports@ about
    'typesafe languages'. I haven't had a chance
    to look yet, but I'm gonna have a look at
    Cyclone for sure (probably today in fact).
    
    I only have done some relatively simple C programs,
    but I must say that I am somewhat surprised at how
    difficult it can actually be to do correctly.
    
    But hey, each day you learn a little more... =)
    Good docs are a must .. man pages are my favourite
    resource, but perhaps some of these books would be
    useful. Definitely worth exploration...
    
    Comments
    
    By Anonymous Coward () on 2003-05-28 15:17
    
    Actually, reading this, I was reminded about
    a language called OCaml that a friend was
    extolling the virtues of, namely that it was
    a typesafe language, primarily functional but
    with imperative and OO elements, that compiled
    to native binary format... Of course, I don't know
    if OCaml is self-hosting or not, but it would be
    a pretty rad idea to implement a very secure
    OS built on a functional language with typesafety.
    
    Comments
    
    By Anonymous Coward () on 2003-05-28 15:36
    
    ports/lang/ocaml
    
    its very nice ....
  2. By mpatterson () pattersonmarkANTI@SPAMoptusnet.com.au on 2003-05-29 00:48 mailto:pattersonmarkANTI@SPAMoptusnet.com.au
    
    No, I'm definitely not the "rewrite OpenBSD in Java!" guy. I mainly program in Delphi, I'm learning Objective-C for OS X, I've done a few months of Java. I was a C programmer, and started reading Core C++, largely to get into BeOS. It was interesting the number of times the author of Core C++ had a warning box to point out a way to shoot yourself in the foot with C/C++ that would not be an issue in Pascal. But Niklaus Wirth never intended Pascal for OS stuff. For that he started with Modula. I remember doing some Modual 2. Nice enough, needed better libraries, and less of WriteReal, WriteString etc...
    
    I was keen on Ada a while ago, but it seems to have languished. Personally, I think the OS world needs a new language, sort of Ada done right, with more wisdom and OOPS experience applied to its design. An OS needs maximum efficiency and maximum reliability. The language use makes a big difference.
By Anonymous Coward () on 2003-06-01 19:53

Looks like I'll be picking this up, God knows I need to clean up my code.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (10)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]