Skip to main content

12 Principles of Secure Linux Programming

1. Operate with least privilege

  • Hold privileges only while they're required.
  • Drop privileges permanently when they'll never be used again.
  • A privileged program should never exec a shell unless the environment can silently ignore set-user-ID and set-group-ID permissions.
  • Close all unnecessary file descriptors before an exec.

2. Avoid exposing sensitive information

  • Use mlock to lock access to the virtual memory page in use.
  • Prevent core dumps by using setrlimit.

3. Confine the process

  • Use capabilities and securebit flags whenever possible.
  • Establish a chroot jail to limit the set of directories and files that a program may access.
  • Use a virtual server: UML, Xen, KVM, etc.

4. Beware of signals and race conditions

  • Signals should be caught, blocked, or ignored to prevent possible security problems.

5. Pitfalls of file operations and file I/O

  • Umask should be set to a value that ensures the process never creates publicly writable files.
  • Use seteuid and setreuid to temporarily change process credentials to ensure new files do not belong to the wrong user.
  • Never create a file owned by the program owner.
  • Never allow other users to write to files that the process uses.
  • Use mkstemp to create files with unpredictable names.

6. Don't trust inputs or the environment

  • Do not assume values of environment variables are reliable.
  • Validate all inputs from untrusted sources.
  • Avoid unreliable assumptions about the process's run-time environment.

7. Beware of injection attacks

  • Use regex pattern matching to filter user inputs.
  • Encode user input into Base-64 encoded strings.
  • Never compare raw strings when checking credentials.

8. Beware of buffer overruns

  • Do not allow an input value or a copied string to exceed allocated buffer space.
  • Use if statements that prevent buffer overruns.

9. Beware of denial-of-service attacks

  • Minimize the risk and consequences of overload attacks.
    • Perform load throttling.
    • Use resource limits and disk quotas.
  • Employ timeouts for communication with clients.
  • Perform log throttling.
  • Perform bounds checking on data structures.
  • Design data structures that avoid algorithmic-complexity attacks.

10. Beware of database attacks

  • Always use a mutex to ensure the right process has access at the right time.
  • Use databases that enforce host-based security policies.
  • Use databases that enforce separation of database ownership and table ownership.

11. Check return statuses and fail safely

  • Always check the program's return values.
  • Store the value then check it before returning it.
  • Return it then ask for verification.
  • Unexpected situations must cause the program to terminate or drop the client request.

12. Beware of reverse-engineering attacks

  • Avoid hardcoding sensitive information in string literals.
  • Generate one-time IDs for runtime execution.
  • Salt IDs with unique hardware device addresses.

Do you have a suggestion about how to improve this blog? Let's talk about it. Contact me at David.Brenner.Jr@Gmail.com or 720-584-5229.

Comments

Post a Comment

Comments to this blog will be reviewed within 72 hours. No trolling please

Popular posts from this blog

Application behavior monitoring in Linux with Python

You can monitor application behaviors by collecting relevant machine data from your endpoint. You can use the machine data to investigate suspicious activity and create your own analysis. Before you start your investigation you will need to determine normal activity on your endpoint. Normal activity is the scope of functionality of the software on your endpoint during periods of low activity and high activity. You will need some kind of software that periodically collects specific machine data from your endpoint like my software developed in Python that's available for free download at https://github.com/davidbrennerjr/server-stats-collector Ingest one or more of the following machine data from Category #1. Ingest one or more of the following machine data from Category #2. Category #1 General system-wide error messages from /var/log/syslog Auditing logs of application rulesets Auditing logs of security contexts Auditing logs of
Post a Comment
Read more

Network traffic monitoring in Linux with Python

You can investigate suspicious activity in your network traffic by collecting relevant machine data from your endpoint. You can use the machine data to create your own analysis. Before you start your investigation you will need to determine normal activity on your endpoint. Normal activity is the scope of functionality of the software on your endpoint during periods of low activity and high activity. You will need some kind of software that periodically collects specific machine data from your endpoint like my software developed in Python that's available for free download at https://github.com/davidbrennerjr/server-stats-collector Ingest one or more of the following machine data: Application specific logs from /var/log Raw dumps from sniffing at Layers 2-3 Raw dumps from /proc of kernel data structures Raw dumps of kernel routing tables General system-wide error messages from /var/log/syslog Do you
Post a Comment
Read more

Continuous Integration (CI) Best Practices

Continuous Integration (CI) automates the building and testing of software in a test environment whenever a change is committed to a revision control system. CI performs QA testing of a change before adding it to the current working version. CI makes sure all development can be integrated into a build. CI Best Practices 1. Maintain a test environment that's a clone of the production environment. 2. Maintain a revision control system such as CVS, SVN or Git. 3. Automate the building of software and the documenting of code in the test environment. 4. Automate QA testing of a change then report that change to developers. 5. Commit changes regularly to avoid integration conflicts. 6. Monitor the revision control system for a commit then build the software before replacing the current working version. Do you have a suggestion about how to improve this blog? Let's talk about it. Contact me at David.Brenner.Jr@Gmail.com or 720-584-5229.
Post a Comment
Read more