LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-13-2007, 11:40 PM   #1
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
secure programming


I'm working on an application that will need to be setuid root. As my first setuid-root project, I'm extremely nervous about security. I know that the most common attack on an executable is a buffer overrun, or letting them shove more into an array that fits.

My application is entirely non-interactive, the only user input coming from command line arguments. So my question is, does C and/or C++ set up argc and argv securely? Is it safe to assume that CLI args are not a threat? That is, is their creation not a threat, I realize I must still carefully validate their input.
 
Old 06-14-2007, 04:02 PM   #2
mastrboy
Member
 
Registered: Aug 2005
Distribution: Debian, OpenBSD, PFsense
Posts: 73

Rep: Reputation: 15
You could compile it with Stack Smashing and Buffer overflow protection i guess, but i don't know how.
You should take a look at some of OpenBSD's projects, they are extremely good at coding securely.

Some links that might also be useful:
http://gcc.gnu.org/ml/gcc-patches/2005-05/msg01193.html
http://en.wikipedia.org/wiki/Stack-smashing_protection
http://www.trl.ibm.com/projects/security/ssp/
 
  


Reply

Tags
argv, cc++, secure


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Secure Programming with the OpenSSL LXer Syndicated Linux News 0 09-29-2006 09:33 PM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
LXer: University of Michigan Selects SSH Tectia for Secure System Administration and Secure File Transfers LXer Syndicated Linux News 0 04-25-2006 12:54 AM
VSFTPD with secure & non-secure logins Ricci Graham Linux - Software 5 04-07-2005 04:12 PM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 01:39 PM


All times are GMT -5. The time now is 06:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration