OpenBSD Journal

Secure Programming Cookbook

Contributed by jose on from the improve-your-code dept.

O'Reilly has a new book coming this way soon. The Secure Programming Cookbook for C and C++ by John Viega and Matt Messier promises to be a good collection of recipes for fixing up your code and doing useful routines securely. I own a couple of the cookbooks and enjoy their easy-to-use format. An article, Input Validation in C and C++, discusses some of the common coding errors that lead to vulnerabilities in your code. The book is due in July.


  1. By code monkey () on

    I maintain applications for a software company, and am always on the look-out for ways to program defensively. I know I'm weakest in this regard, but I've yet to find a good reference that I can use while in the thick of code trying to track down a bug.

    O'Reilly books have made me very smrt (Homerism intended) over the years. I will definitely check out this title when I see it at my local computer bookstore.

    1. By fansipans () on

      If you're in the market for a good security engineering book that features code-tidbits to help you at work, I HIGHLY recommend John Viega's other book Building Secure Software. Also, I've found Ross Anderson's Security Engineering the best book out there on security; it helped me with my programming because it gave me a better understanding of system design as a whole, so that even if you code crappy C it won't tear down the whole system if you've got a spurious strcpy layin' around.


  2. By mpatterson () on

    John Viega admits that it may be advisable to "use a different programming language." The security of OpenBSD comes from the highly disciplined use of a dangerous language. I know it's iconoclastic, but wouldn't it be better to have a language which relieved newbies and less disciplined programmers from the attention load? Theo has said that the way to program securely is to be very familiar with the APIs you're using, perhaps because C's APIs require a high level of familiarity to code even simple stuff safely. Maybe Ada didn't quite fit the bill, and rewriting BSD in a better language would be a large undertaking. But we are forever paying tax to the bad decisions of the past.

    1. By jose () on

      C is dangerous, you're right, and much of it comes from inconsistent APIs, which is why OpenBSD has done things like introducing easy-to-use, consistent interfaces: strlcat(), strlcpy(), arc4random(), etc. This is why it documents usages in the manpages so correctly: it's code you can cut and paste into your own code. This doesn't stop all errors, but it helps. Look around for fixes for & vs && errors, va_arg() corrections, etc. Everyone makes mistakes.

      The option of rewriting all or much of OpenBSD in a language (say, a typesafe language like Cyclone or C#, and hopefully you're not the "rewrite OpenBSD in Java!" guy) is impossible to do reasonably. Think about it for a bit. Low-level material in the kernel will have to be in assembly, and most of the kernel will probably still be in C. So then you start rewriting the userland in this new language. So you have two sets of libraries, two compilers, etc. ... two of everything for some foreseeable future. Now you have an entirely new codebase ... which probably has more errors than what you started with way back at OpenBSD 2.0.

      I'm all for doing it right, and I'm all in favor of people exploring these other languages. I'd love to see some migrations to languages with safer semantics and built-ins, but it's just not a reality. For the time being the best solution is to take what we have and use it as best we can.
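      As an added illustration of the consistent-interface point above (example code, not jose's or OpenBSD's own), here is the check-every-return idiom from the strlcpy(3) manpage applied to building a path. The my_strlcpy()/my_strlcat() helpers are local reimplementations of the OpenBSD semantics so the example builds on a libc that lacks them; join_path() and join_outcome() are names chosen for this example.

```c
#include <string.h>

/* Local reimplementations of the OpenBSD interfaces, so this builds on a libc without
 * them. Both take the full destination size and return the length they tried to create:
 * a return value >= dsize means truncation, and dst is NUL-terminated whenever dsize > 0. */
static size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

static size_t my_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)               /* dst unterminated within dsize: append nothing */
        return dsize + strlen(src);
    return dlen + my_strlcpy(dst + dlen, src, dsize - dlen);
}

/* Build "dir/file" in dst, checking every return value the way the strlcpy(3) manpage
 * shows. Returns 0 on success, -1 if the result would not fit; dst stays terminated. */
int join_path(char *dst, size_t dstsize, const char *dir, const char *file)
{
    if (my_strlcpy(dst, dir, dstsize) >= dstsize) return -1;
    if (my_strlcat(dst, "/", dstsize) >= dstsize) return -1;
    if (my_strlcat(dst, file, dstsize) >= dstsize) return -1;
    return 0;
}

/* Harness around join_path() with a bufsize-byte buffer (<= 64):
 * 1 = fit and equals expect, 0 = truncation reported and buffer terminated, -1 = other. */
int join_outcome(const char *dir, const char *file, size_t bufsize, const char *expect)
{
    char buf[64];
    if (bufsize > sizeof buf) return -1;
    if (join_path(buf, bufsize, dir, file) == 0) return strcmp(buf, expect) == 0 ? 1 : -1;
    return memchr(buf, '\0', bufsize) != NULL ? 0 : -1;
}
```

The point of the idiom is that an oversized input becomes a return code the caller must handle, rather than a silent overflow or an unterminated string.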

      1. By Jeffrey () on

        I agree. I like the message you posted to ports@ about 'typesafe languages'. I haven't had a chance to look yet, but I'm gonna have a look at Cyclone for sure (probably today in fact).

        I only have done some relatively simple C programs, but I must say that I am somewhat surprised at how difficult it can actually be to do correctly.

        But hey, each day you learn a little more... =) Good docs are a must .. man pages are my favourite resource, but perhaps some of these books would be useful. Definitely worth exploration...

        1. By Anonymous Coward () on

          Actually, reading this, I was reminded about a language called OCaml that a friend was extolling the virtues of, namely that it was a typesafe language, primarily functional but with imperative and OO elements, that compiled to native binary format... Of course, I don't know if OCaml is self-hosting or not, but it would be a pretty rad idea to implement a very secure OS built on a functional language with typesafety.

          1. By Anonymous Coward () on


            its very nice ....

      2. By mpatterson () on

        No, I'm definitely not the "rewrite OpenBSD in Java!" guy. I mainly program in Delphi, I'm learning Objective-C for OS X, I've done a few months of Java. I was a C programmer, and started reading Core C++, largely to get into BeOS. It was interesting the number of times the author of Core C++ had a warning box to point out a way to shoot yourself in the foot with C/C++ that would not be an issue in Pascal. But Niklaus Wirth never intended Pascal for OS stuff. For that he started with Modula. I remember doing some Modula-2. Nice enough, needed better libraries, and less of WriteReal, WriteString etc...

        I was keen on Ada a while ago, but it seems to have languished. Personally, I think the OS world needs a new language, sort of Ada done right, with more wisdom and OOPS experience applied to its design. An OS needs maximum efficiency and maximum reliability. The language use makes a big difference.

  3. By Anonymous Coward () on

    Looks like I'll be picking this up, God knows I need to clean up my code.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site.