Secure Application Development

UNIX/C Programming traps and pitfalls


Neither the UNIX system nor the C programming language was built with security as a primary goal. Consequently, building a secure program can be like building a house on quicksand. The challenge for the implementor is to avoid the mechanisms that are weak and to build carefully on the few mechanisms that remain. This tutorial focuses on implementation errors: why they happen, and how an implementor can avoid making them.

Outline

Security problems happen when system behavior does not match the user's expectation. The first segment illustrates this with a very small and obviously correct file shredder program that does not work at all, for more reasons than most people can think of.
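As an added illustration of that point (example code written for this page, not code from the tutorial or its slides), here is a shredder written the "obviously correct" way next to a more careful one. The careful version refuses symlinks and non-regular files, handles short writes and EINTR, and forces the data out with fsync(); the comments note the failures that user space still cannot fix. The demo creates a small file (constructed sample input) and a symlink to it under /tmp; the file names, the `demo_result` struct and the helper functions are assumptions of this example.

```c
/* Naive versus careful file shredder. Assumes a POSIX system (Linux or BSD). */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* The "obviously correct" shredder: open, overwrite with zeros, close. */
int shred_naive(const char *path)
{
    int fd = open(path, O_WRONLY);         /* follows symlinks: may clobber another file */
    if (fd < 0) return -1;
    off_t len = lseek(fd, 0, SEEK_END);    /* meaningless for devices, FIFOs, sockets */
    lseek(fd, 0, SEEK_SET);
    char zeros[4096] = {0};
    for (off_t done = 0; done < len; done += sizeof zeros) {
        size_t want = (size_t)(len - done) < sizeof zeros ? (size_t)(len - done) : sizeof zeros;
        write(fd, zeros, want);            /* short writes, EINTR and errors are ignored */
    }
    close(fd);                             /* nothing forces the zeros out of the page cache */
    return 0;                              /* reports success no matter what happened */
}

/* Careful version: 0 on success, -1 with errno set. Even this only rewrites the
 * blocks the kernel chooses: journaling, copy-on-write and snapshotting file
 * systems, and wear-levelling flash, may keep the old contents elsewhere. */
int shred_careful(const char *path)
{
    /* O_NOFOLLOW rejects a symlink as the final path component only (ELOOP on
     * Linux, EMLINK on FreeBSD); symlinked parent directories are still followed. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }  /* fstat on the fd: no check/use race */
    char zeros[4096] = {0};
    for (off_t done = 0; done < st.st_size; ) {
        size_t want = (size_t)(st.st_size - done) < sizeof zeros ? (size_t)(st.st_size - done) : sizeof zeros;
        ssize_t n = write(fd, zeros, want);
        if (n < 0) {
            if (errno == EINTR) continue;
            int e = errno; close(fd); errno = e; return -1;
        }
        done += n;                         /* n may be smaller than want */
    }
    if (fsync(fd) < 0) { int e = errno; close(fd); errno = e; return -1; }
    return close(fd);
}

/* Helpers for the demo (assumed names, not part of any real shredder). */
static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

static int file_is_zeroed(const char *path)
{
    unsigned char buf[64];
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    if (n <= 0) return 0;
    for (ssize_t i = 0; i < n; i++) if (buf[i]) return 0;
    return 1;
}

struct demo_result {
    int naive_followed_symlink;   /* 1: shred_naive via a symlink wiped the link target */
    int careful_refused_symlink;  /* 1: shred_careful refused the symlink */
    int careful_wiped_file;       /* 1: shred_careful zeroed the regular file */
};

struct demo_result run_demo(void)
{
    struct demo_result r = {0, 0, 0};
    char dir[] = "/tmp/shredXXXXXX";
    if (!mkdtemp(dir)) return r;
    char target[256], link[256];
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    /* Constructed sample input: a small file with a "secret", and a symlink to it. */
    if (write_file(target, "top secret contents") == 0 && symlink(target, link) == 0) {
        errno = 0;
        r.careful_refused_symlink = shred_careful(link) < 0 && (errno == ELOOP || errno == EMLINK);
        r.naive_followed_symlink = shred_naive(link) == 0 && file_is_zeroed(target);
        write_file(target, "top secret contents");
        r.careful_wiped_file = shred_careful(target) == 0 && file_is_zeroed(target);
    }
    unlink(link); unlink(target); rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("naive followed symlink: %d\ncareful refused symlink: %d\ncareful wiped file: %d\n",
           r.naive_followed_symlink, r.careful_refused_symlink, r.careful_wiped_file);
    return 0;
}
```

The contrast is the point of the segment: the naive program is not wrong by the rules of C, it is wrong because open(), lseek() and write() behave differently from what its author expected (a path that names a different file, a length that means nothing, a write that is partial, a close that durably stores nothing). The careful version removes the expectations it can check; the file-system-level copies it cannot reach are why the list of reasons is longer than it first appears.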

The second segment illustrates several flaws that were found in real applications that used the UNIX file system in an exploitable manner.

The set-uid feature is unique to UNIX and deserves its own segment. Wietse Venema demonstrates why it is fundamentally impossible to write set-uid software without creating a security hole.

In the final segment, Wietse presents the open source Postfix mail system and shows how its partitioned design not only helped to build a secure mail system, but also helped to avoid code degeneration as the system grew more than fourfold in size.

PDF slides: Part 1

PDF slides: Part 2

PDF slides: Part 3

PDF slides: Part 4

Recording part 1 (Flash video)

Recording part 2 (Flash video)