From owner-freebsd-security Mon Dec 16 15:31:52 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id PAA13688 for security-outgoing; Mon, 16 Dec 1996 15:31:52 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id PAA13683 for ; Mon, 16 Dec 1996 15:31:48 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id SAA10241; Mon, 16 Dec 1996 18:27:00 -0500
From: Adam Shostack
Message-Id: <199612162327.SAA10241@homeport.org>
Subject: Re: crontab security hole exploit
In-Reply-To: <199612161810.TAA03636@tiger.cert.dfn.de> from Wolfgang Ley at "Dec 16, 96 07:10:11 pm"
To: ley@cert.dfn.de (Wolfgang Ley)
Date: Mon, 16 Dec 1996 18:26:05 -0500 (EST)
Cc: craig@ProGroup.COM, security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Wolfgang Ley wrote:
| > Is there someplace or some book that someone who is writing new software can
| > refer to for learning how to write secure code in the first place? I
| > certainly don't want to ask some whiny security cop for each and every
| > little detail.... :)

| You might want to check the "Secure Programming Checklist" which is
| a collection of the suggestions from the "Practical UNIX and Internet
| Security" book and a paper from AUSCERT.
|
| ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist

I'll be egotistical and suggest my code review guidelines; they talk
about what to look for in a review, and how to write code that will
pass one.

http://www.homeport.org/~adam/review.html

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume