Secure Programming
Lai Zit Seng
November 2012
A Simple Program
#include <stdio.h>

int main(void) {
    char name[100];
    printf("What is your name?\n");
    gets(name);          /* no length limit: input longer than 99 bytes overflows name */
    printf("Hello, ");
    printf(name);        /* user input used directly as the format string */
    printf("!\n");
    return 0;
}
Buffer Overflow Example
#include <string.h>

void foo(char *bar) {
    char c[12];
    strcpy(c, bar);      /* no bounds checking: bar longer than 11 bytes overflows c */
}

int main(int argc, char **argv) {
    foo(argv[1]);
    return 0;
}
Source: Wikipedia
C Functions That Should Be Banned
This is bad        Use this instead
gets()             fgets()
sprintf()          snprintf()
strcpy()           strncpy()
strcat()           strncat(), strlcat()
printf()           needs caution (see printf(name) in the first program)
Race Conditions
E.g.: how to create a temporary file in /tmp?
– Use a static filename
– Dynamically generate a filename
– Check, then create the file

$ ls -l /tmp
total 8
lrwxr-xr-x  1 lzs  wheel  11 Nov 12 11:20 tmpXNg2i9 -> /etc/passwd

Suppose the attacker knows the program wants to create this file: /tmp/tmpXNg2i9. What can the attacker try to do?
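The check-then-create race above, as an added example that is not from the slides: the vulnerable pattern beside two hardened ones, run against a dangling symlink planted at the guessed name inside a private directory (a constructed stand-in for tmpXNg2i9 -> /etc/passwd). The function names and the directory layout are my own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                /* exposes mkstemp, mkdtemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Vulnerable "check, then create": two calls, so a window between them.
 * access() follows symlinks, so a dangling link planted at the guessed name
 * passes the check; fopen("w") then creates/truncates whatever it points to. */
int create_check_then_create(const char *path) {
    if (access(path, F_OK) == 0) return -1;      /* "already exists" */
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fclose(f);
    return 0;
}
/* Hardened: one atomic open. O_EXCL fails if anything (a symlink included)
 * is already at the path, and O_NOFOLLOW never follows a link. */
int create_atomic(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;                       /* EEXIST: refuse the name */
    close(fd); return 0;
}
/* Preferred: libc picks an unpredictable name and creates it atomically;
 * tmpl must end in XXXXXX and is overwritten with the name created. */
int create_mkstemp(char *tmpl) {
    int fd = mkstemp(tmpl);                      /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    close(fd); return 0;
}
/* Demo in a private directory: a dangling symlink sits at the fixed name the
 * program is known to use (constructed stand-in for tmpXNg2i9 -> /etc/passwd).
 * Returns 1 when check-then-create was redirected to the link target while
 * the atomic version refused and mkstemp created a fresh file. */
int demo(void) {
    char dir[] = "/tmp/secprog-XXXXXX";          /* constructed sandbox dir */
    if (mkdtemp(dir) == NULL) return -1;
    char lnk[256], target[256], tmpl[256];
    snprintf(lnk, sizeof lnk, "%s/tmpXNg2i9", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safe-XXXXXX", dir);
    if (symlink(target, lnk) != 0) return -1;    /* the planted link */
    int vuln = create_check_then_create(lnk);    /* 0: looked like success */
    int redirected = (access(target, F_OK) == 0);/* victim file now exists */
    int hard = create_atomic(lnk);               /* -1: refused */
    int safe = create_mkstemp(tmpl);             /* 0: new 0600 file */
    unlink(target); unlink(lnk); unlink(tmpl); rmdir(dir);
    return vuln == 0 && redirected && hard == -1 && safe == 0;
}
```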
Random Number Generation
How do you generate random numbers?
How do you seed the generator?
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    srand(0);    /* fixed seed: the same sequence on every run */
    printf("Num #1: %d\n", rand());
    printf("Num #2: %d\n", rand());
    printf("Num #3: %d\n", rand());
    return 0;
}
Num #1: 520932930
Num #2: 28925691
Num #3: 822784415
This sequence is fixed. If the seed is known, the random sequence can be entirely pre-determined.
Encryption vs Encoding
How do you store secrets?
– E.g. if your app needs to store passwords or credentials
If you encrypt secrets with a password, then where do you store that password?
Use Standard Libraries and Protocols
Make use of whatever is already available:
– Glib
– D-Bus IPC
– SSL/OpenSSL for secure communications
Don’t reinvent the wheel
Security by Obscurity
Although in some circumstances it can be adopted as part of a defense-in-depth strategy
Security through minority
Don’t count on the unlikely
Principles
Least privilege
Economy of mechanism/Simplicity
Open design
Complete mediation
Fail-safe defaults
Least common mechanisms
Separation of privilege
Psychological acceptability/Easy to use
Source: The Protection of Information in Computer Systems (http://www.cs.virginia.edu/~evans/cs551/saltzer/)
Borrowing from Perl’s Taint Mode
You may not use data derived from outside your program to affect something else outside your program – at least, not by accident.
#!/usr/bin/perl -T
$arg = shift;                        # $arg is tainted
$hid = $arg, 'bar';                  # $hid is also tainted
$line = <>;                          # Tainted
$line = <STDIN>;                     # Also tainted
open FOO, "/home/me/bar" or die $!;
$line = <FOO>;                       # Still tainted
$path = $ENV{'PATH'};                # Tainted, but see below
$data = 'abc';                       # Not tainted
system "echo $arg";                  # Insecure
http://perldoc.perl.org/perlsec.html
Secure programming concerns, arranged around "A Program" (diagram):
1. Validate all input
2. Avoid buffer overflow
3. Program internals/Design approach
4. Carefully call out to other resources
5. Send info back judiciously
6. Language-specific issues
7. Special topics
Source: http://www.dwheeler.com/secure-programs/secure-programming.pdf
Multi Facets of Information Security
– Access control
– Telecommunications & network security
– Software development security
– Cryptography
– Information security governance & risk management
– Security architecture & design
– Business continuity & disaster recovery
– Operations security
– Physical security
– Legal, regulations, investigations & compliance
Resources
https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/index.html