Date:      Tue, 17 Dec 1996 10:52:36 -0800
From:      obrien@NUXI.com (David E. O'Brien)
To:        craig@progroup.com (Craig Shaver)
Cc:        security@FreeBSD.ORG
Subject:   Re: crontab security hole exploit
Message-ID:  <Mutt.19961217105236.obrien@relay.nuxi.com>
In-Reply-To: <199612161654.IAA19864@seabass.progroup.com>; from Craig Shaver on Dec 16, 1996 08:54:26 -0800
References:  <Pine.GSO.3.95.961216154913.7742B-100000@lich> <199612161654.IAA19864@seabass.progroup.com>

Craig Shaver writes:
> Is there someplace or some book that someone who is writing new software can
> refer to for learning how to write secure code in the first place?  I 
> certainly don't want to ask some whiny security cop for each and every 
> little detail.... :)

Yes.  The problem is getting such papers accepted to journals.  Which
one(s) are appropriate?  And then getting people to read them.

Matt Bishop has written two similar papers on the topic:

    "How to Write a Setuid Program", ;login: 12(1) [jan/feb 1987] pp.5-11

Marcus Ranum offers a tutorial on this topic.  It will be offered at the
USENIX technical conference in Jan 1997.
 
-- David    (obrien@cs.ucdavis.edu)

P.S.  If you want Bishop's papers, I can try to field requests.


