Secure programming cookbook for C and C++ / John Viega and Matt Messier ; [foreword by Gene Spafford].

Format:

Book

Author/Creator:

Viega, John.

Contributor:

Messier, Matt.

Language:

English

Subjects (All):

C (Computer program language).

C++ (Computer program language).

Computer security.

Computer software--Development.

Computer software.

Physical Description:

1 online resource (792 p.)

Edition:

First edition.

Place of Publication:

Sebastopol, California : O'Reilly, 2003.

Language Note:

English

System Details:

text file

Summary:

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to pr

Contents:

Secure Programming Cookbook for C and C++; Preface; We Can&t Do It All; Organization of This Book; Recipe Compatibility; Conventions Used in This Book; Comments and Questions; Acknowledgments; 1. Safe Initialization; 1.1.2. Solution; 1.1.3. Discussion; 1.1.4. See Also; 1.2. Restricting Privileges on Windows; 1.2.2. Solution; 1.2.3. Discussion; 1.2.3.2. Modifying a process&s primary token; 1.2.3.3. Working with SID_AND_ATTRIBUTES structures; 1.2.3.4. Working with LUID_AND_ATTRIBUTES structures; 1.2.4. See Also; 1.3. Dropping Privileges in setuid Programs; 1.3.2. Solution; 1.3.3. Discussion

1.3.4. See Also1.4. Limiting Risk with Privilege Separation; 1.4.2. Solution; 1.4.3. Discussion; 1.4.3.2. A privilege separation library: privman; 1.4.4. See Also; 1.5. Managing File Descriptors Safely; 1.5.2. Solution; 1.5.3. Discussion; 1.6. Creating a Child Process Securely; 1.6.2. Solution; 1.6.3. Discussion; 1.6.4. See Also; 1.7. Executing External Programs Securely; 1.7.2. Solution; 1.7.3. Discussion; 1.7.4. See Also; 1.8. Executing External Programs Securely; 1.8.2. Solution; 1.8.3. Discussion; 1.9. Disabling Memory Dumps in the Event of a Crash; 1.9.2. Solution; 1.9.3. Discussion

1.9.4. See Also2. Access Control; 2.1.2. Solution; 2.1.3. Discussion; 2.1.3.2. The setuid bit; 2.1.3.3. The setgid bit; 2.1.4. See Also; 2.2. Understanding the Windows Access Control Model; 2.2.2. Solution; 2.2.3. Discussion; 2.3. Determining Whether a User Has Access to a File on Unix; 2.3.2. Solution; 2.3.3. Discussion; 2.4. Determining Whether a Directory Is Secure; 2.4.2. Solution; 2.4.3. Discussion; 2.5. Erasing Files Securely; 2.5.2. Solution; 2.5.3. Discussion; 2.5.4. See Also; 2.6. Accessing File Information Securely; 2.6.2. Solution; 2.6.3. Discussion; 2.6.4. See Also

2.7. Restricting Access Permissions for New Files on Unix2.7.2. Solution; 2.7.3. Discussion; 2.7.4. See Also; 2.8. Locking Files; 2.8.2. Solution; 2.8.3. Discussion; 2.8.3.2. Locking files on Windows; 2.9. Synchronizing Resource Access Across Processes on Unix; 2.9.2. Solution; 2.9.3. Discussion; 2.9.4. See Also; 2.10. Synchronizing Resource Access Across Processes on Windows; 2.10.2. Solution; 2.10.3. Discussion; 2.10.4. See Also; 2.11. Creating Files for Temporary Use; 2.11.2. Solution; 2.11.3. Discussion; 2.11.3.2. Temporary files on Windows; 2.11.4. See Also

2.12. Restricting Filesystem Access on Unix2.12.2. Solution; 2.12.3. Discussion; 2.13. Restricting Filesystem and Network Access on FreeBSD; 2.13.2. Solution; 2.13.3. Discussion; 2.13.4. See Also; 3. Input Validation; 3.1.2. Solution; 3.1.3. Discussion; 3.1.4. See Also; 3.2. Preventing Attacks on Formatting Functions; 3.2.2. Solution; 3.2.3. Discussion; 3.2.4. See Also; 3.3. Preventing Buffer Overflows; 3.3.2. Solution; 3.3.3. Discussion; 3.3.3.2. Using C++; 3.3.3.3. Stack protection technologies; 3.3.4. See Also; 3.4. Using the SafeStr Library; 3.4.2. Solution; 3.4.3. Discussion

3.4.4. See Also

Notes:

"Covers Unix and Windows"--Cover.

"Recipes for cryptography, authentication, networking, input validation & more"--Cover.

Includes index.

Description based on print version record.

ISBN:

9780596517014

0596517017

9780596552183

0596552181

OCLC:

609840932