Guide to writing secure setuid programs?
Meeks
dwm at ihlpf.ATT.COM
Fri Mar 11 23:45:43 AEST 1988
In article <1037 at woton.UUCP>, riddle at woton.UUCP (Prentiss Riddle ) writes:
> There's been a recent flurry of discussion in comp.bugs.sys5 about a
> few specific security pitfalls to avoid in writing setuid programs. I
> get the feeling that this is just the tip of the iceberg.
>
> Can anyone point us to a more comprehensive guide to how to write good
> setuid programs? If you've got something on-line, please consider
> posting it; if you know of good book or journal references, please mail
> them to me and I will summarize.
>
> And if nothing of this sort exists, perhaps it's time to write one.
> Thanks.
>
> -- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
> -- Opinions expressed are not necessarily those of my employer.
> -- riddle%woton.uucp at im4u.utexas.edu {ihnp4,uunet}!ut-sally!im4u!woton!riddle
----------------------------------------------------
There are some very good tips on how to code secure code in the book:
UNIX SYSTEM SECURITY: by P. H. Wood and S. G. Kochan
This book is published by: Hayden Books. In the book are examples of how
to write good code that will help protect suid/sgid programs. It actually
includes a set of guidelines to follow. First item: do not write them in the
first place; there are other ways to achieve the same effect.
//-n-\\ Daniel W. Meeks
_____---=======---_____ (ihnp4!ihlpf!dwm)
====____\ /.. ..\ /____====
// ---\__O__/--- \\ Enterprise... Surrender or we'll
\_\ /_/ send back your *&^$% tribbles !!