
Archive: January 2003 ml@sikurezza.org
Subject: FW: Updated "Secure Programming for Linux and Unix HOWTO" now available.
From: marco misitano
Date: 3 Jan 2003 03:11:28 -0000

For those who don't read bugtraq but program under Unix.

~misi

-----Original Message-----
From: David Wheeler [mailto:dwheeler@ida.org]
Sent: Monday, 30 December, 2002 09:18 PM
To: bugtraq@securityfocus.com
Subject: Updated "Secure Programming for Linux and Unix HOWTO" now available.

The latest version of my book, "Secure Programming for Linux and Unix HOWTO", is now available! You can freely download it in a variety of formats at:

http://www.dwheeler.com/secure-programs

This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95.

This is version 3.005, dated 30 December 2002. Compared to version 3.000, this version adds new text on handling tmp files where there are tmp cleaners running (true on most real systems - this causes particular problems with mktemp(1)), notes on avoiding buffer overflow in FD_SET/FD_CLR(), and a long discussion on a new attack against web-based systems: session fixation. I also added text about protecting secrets in memory.

Enjoy, and happy new year.

--- David A. Wheeler

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List