From owner-freebsd-security Mon Dec 16 10:07:27 1996
From: Wolfgang Ley
Message-Id: <199612161810.TAA03636@tiger.cert.dfn.de>
Subject: Re: crontab security hole exploit
To: craig@ProGroup.COM (Craig Shaver)
Date: Mon, 16 Dec 1996 19:10:11 +0100 (MET)
Cc: security@freebsd.org
In-Reply-To: <199612161654.IAA19864@seabass.progroup.com> from "Craig Shaver" at Dec 16, 96 08:54:26 am
Organization: DFN-CERT (Computer Emergency Response Team, Germany)

Craig Shaver wrote:
> [...]
> It certainly helps me understand what is really going on. I can learn from
> this to code defensively.
>
> Is there someplace or some book that someone who is writing new software can
> refer to for learning how to write secure code in the first place? I
> certainly don't want to ask some whiny security cop for each and every
> little detail.... :)

You might want to check the "Secure Programming Checklist" which is a
collection of the suggestions from the "Practical UNIX and Internet
Security" book and a paper from AUSCERT.

ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
...or any mirror

Bye,
Wolfgang.

--
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: ley@cert.dfn.de Phone: +49 40 5494-2262 Fax: +49 40 5494-2241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/ ...have a nice day