Secure Programming for Linux and Unix HOWTO -- Creating Secure Software

This is the main web site for my free book, the Secure Programming for Linux and Unix HOWTO. This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95. I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

Getting the Book

Most readers will want to either:

  1. View the online version (as multipage HTML)
  2. Download for printing (as PDF)

This document is part of the Linux Documentation Project (LDP), and hence is also distributed in various Linux distributions. However, note that the LDP's version or the version in a CD-ROM distribution may not be as current as the main (master) web site at http://www.dwheeler.com/secure-programs.

Columns

My developerWorks column on developing secure programs is on-line; you can see the entire secure programmer series of articles. You can also jump right to article #1 (developing secure programs), article #2 (validating input), article #3 (keep an eye on input, identifying various input sources), article #4 (countering buffer overflows), article #5 (minimizing privileges), article #6 (preventing race conditions), and article #7 (call components safely).

You can also see Write It Secure: Format Strings and Locale Filtering that I wrote for E-Security Journal.

If you're looking for information on how to secure your Microsoft Windows system, look at my essay on How to Secure Microsoft Windows (for home and small business users).

Presentation

I occasionally give a presentation on how to write secure programs for Linux and Unix systems, based on the material in the book. Here are presentation slides from my one-hour version:

I've given the presentation in several places, including FOSDEM 2002 (Belgium), the Software Productivity Consortium (Virginia), and the University of Baltimore (Maryland). Note that the slides are not released under the same license as the book. Some users of ggv have reported problems with reading this file; use xpdf or Adobe Acrobat instead if you do.

Other formats

The book is available in various other formats:

  1. Postscript
  2. HTML (all in one big file)
  3. RTF (note: some programs may show the TOC page numbers starting with "000"; if so, select-all and then update-field-codes)
  4. Plucker (zlib compression) (for Palm PDAs; you'll need to install Plucker, which is a good idea)
  5. tarball (of the multipage/chunked HTML files)
  6. ASCII text
  7. gzipped SGML (DocBook DTD) and related files (makefile, ChangeLog, etc.)

Kudos

Many people have said nice things about my book. Here's what secure coding had to say about my book: "Another outstanding online resource for examples of secure coding is the "Secure Programming for Linux and UNIX HOWTO", by David Wheeler. It's available online... While the entire volume is strong, we liked particularly David's discussion of making safe temporary files in C."

Comments?

If you have comments, proposed improvements, or intend to translate it to another human language, please send email to me. I edit the SGML (DocBook DTD) file; all the other formats are generated from this master version. You can also see the ChangeLog, and users of the SGML format may find the makefile useful. As of February 28, 2002, I've switched to the LDP's document generation process (e.g., using HTMLDOC), which I think generates nicer results than the tools I had been using before. Notice that as of version 2.00, the document is in SGML using the DocBook DTD; previous versions up through version 1.60 were in SGML but they used the Linuxdoc DTD. I've kept old versions of this document to help translators deal with this transition in format.

I realize that some other articles/books have shown up since. These include Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah - net square (10 November 2006).

Translations

Various translations are available:

I cannot guarantee that the translations accurately reflect the original English work; I'm sorry, but I'm simply not qualified to judge that. If you find an error in translation, please contact the translators directly. If you find an error in the underlying content, or do not get satisfaction when reporting errors to the translator, then contact me.

I hope to mention or link to additional translations as I learn about them. Please contact me before translating, so that duplicate work can be avoided (for example, perhaps multiple translators could divide the work), and let me know when you're done. I am very grateful to these people who have taken the time to translate this fairly lengthy work.

Miscellaneous

I have a few little scripts and programs here that are related to the book's material; for example, url.pl is a short script I use for testing the complex URI validation patterns.

Originally this document was the ``Secure Programming for Linux HOWTO'', but I've expanded it to cover Unix systems too.

This document keeps getting longer than the typical HOWTO; I may eventually split this into a ``short form'' and a ``longer form''. I'm also thinking about how to handle publication for the ``long form'', since I think many people will want a nice bound version of it so they can read it easily.

When I wrote the original work there wasn't anything else out there (it was the first book on the topic). Now there are lots of materials. Dr. Holger Peine has lecture notes for a college class available on-line. Robert C. Seacord has his CMU lecture online.

You might want to see other works of mine about security. My program flawfinder is a source code security scanning tool (a "static analyzer") that reports on likely security problems in source code; its home page links to other analysis programs and papers about them. My slides on Java Security might be of interest. My paper on Software Configuration Management (SCM) Security describes security requirements that can be useful for SCM systems. Securing Microsoft Windows (for Home and Small Business Users) explains how you can get some basic security measures set up on Windows. My paper Countering Trusting Trust through Diverse Double-Compiling describes a technique for countering the "uncounterable" Trusting Trust attack; while I didn't come up with the original idea, I developed it from an idea described in a few sentences to a justification and demonstration that it actually works.

If you are interested in high assurance software or free-libre/open source software (FLOSS), take a peek at my paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS), which examines the relationship between them.

Some other papers of mine might be of interest to you. For example, many look at my paper Why Open Source Software / Free Software? Look at the Numbers! Feel free to see my main web site at http://www.dwheeler.com.