Secure Programming for Linux and Unix HOWTO -- Creating Secure Software

This is the main web site for my free book, the Secure Programming for Linux and Unix HOWTO. This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95. I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

Getting the Book

Most readers will want to either:

  1. View the online version (as multipage HTML)
  2. Download for printing (as PDF)

The current version is version 3.50, 22 August 2004. You may want the older version 3.012 of 20 July 2003, which is available as HTML, PDF, or SGML.

This document is part of the Linux Documentation Project (LDP), and hence is also distributed in various Linux distributions. However, note that the LDP's version or the version in a CD-ROM distribution may not be as current as the main (master) web site at http://www.dwheeler.com/secure-programs.

Presentations

Many of my graduate school presentations on developing secure software are available. These presentations are from the graduate course I teach at George Mason University (SWE 681/ISA 681) on the design and implementation of secure software. Reading presentations is not the same as taking a class, but you may find them very helpful.

Here are presentation slides from my one-hour version:

I've given the presentation several places, including FOSDEM 2002 (Belgium), the Software Productivity Consortium (Virginia), and the University of Baltimore (Maryland). Note that the slides are not released under the same license as the book. Some users of ggv have reported problems with reading this file; use xpdf or Adobe Acrobat instead if you do.

Columns

My developerWorks column on developing secure programs is on-line; you can see the entire secure programmer series of articles. You can also jump right to article #1 (developing secure programs), article #2 (validating input), article #3 (keep an eye on input, identifying various input sources), article #4 (countering buffer overflows), article #5 (minimizing privileges), article #6 (preventing race conditions), and article #7 (call components safely).

You can also see Write It Secure: Format Strings and Locale Filtering that I wrote for E-Security Journal.

If you're looking for information on how to secure your Microsoft Windows system, look at my essay on How to Secure Microsoft Windows (for home and small business users).

Kudos

Many people have said nice things about my book. Here's a few:

Other formats

The book is available in various other formats:

  1. Postscript
  2. HTML (all in one big file)
  3. RTF (note: some programs may show the TOC page numbers starting with "000"; if so, select-all and then update-field-codes)
  4. Plucker (zlib compression) (for Palm PDAs; you'll need to install Plucker, which is a good idea)
  5. tarball (of the multipage/chunked HTML files)
  6. ASCII text
  7. gzipped SGML (DocBook DTD) and related files (makefile, ChangeLog, etc.)

Comments?

If you have comments, proposed improvements, or intend to translate it to another human language, please send email to me. I edit the SGML (DocBook DTD) file; all the other formats are generated from this master version. You can also see the ChangeLog, and users of the SGML format may find the makefile useful. As of February 28, 2002, I've switched to the LDP's document generation process (e.g., using HTMLDOC), which I think generates nicer results than the tools I had been using before. Notice that as of version 2.00, the document is in SGML using the DocBook DTD; previous versions up through version 1.60 were in SGML but they used the Linuxdoc DTD. I've kept old versions of this document to help translators deal with this transition in format.

I realize that some other articles/books have shown up since. These include Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah - net square (10 November 2006).

Translations

Various translations are available:

I cannot guarantee that the translations accurately reflect the original English work; I'm sorry, but I'm simply not qualified to judge that. If you find an error in translation, please contact the translators directly. If you find an error in the underlying content, or do not get satisfaction when reporting errors to the translator, then contact me.

I hope to mention or link to additional translations as I learn about them. Please contact me before translating, so that duplicate work can be avoided (for example, perhaps multiple translators could divide the work), and let me know when you're done. I am very grateful to these people who have taken the time to translate this fairly lengthy work.

Miscellaneous

I have a few little scripts and programs here that are related to the book's material; for example, url.pl is a short script I use for testing the complex URI validation patterns.

Originally this document was the "Secure Programming for Linux HOWTO", but I've expanded it to cover Unix systems too.

This document keeps getting longer than the typical HOWTO; I may eventually split this into a "short form" and a "longer form". I'm also thinking about how to handle publication for the "long form", since I think many people will want a nice bound version of it so they can read it easily.

When I wrote the original work there wasn't anything else out there. In fact, this was the first book on how to develop secure programs written for software developers. Previous books tended to be written for security specialists (not developers), or had high-level principles instead of detailed information that a programmer could actually use. Now there are lots of materials (hooray!). Dr. Holger Peine has lecture notes for a college class available on-line. Robert C. Seacord has his CMU lecture online. Google's Browser Security Handbook is also available.

You might want to see other works of mine about security. My program flawfinder is a source code security scanning tool (a "static analyzer") that reports on likely security problems in source code; its home page links to other analysis programs and papers about them. My paper on Software Configuration Management (SCM) Security describes security requirements that can be useful for SCM systems. Securing Microsoft Windows (for Home and Small Business Users) explains how you can get some basic security measures set up on Windows. My paper Countering Trusting Trust through Diverse Double-Compiling describes a technique for countering the "uncounterable" Trusting Trust attack; while I didn't come up with the original idea, I developed it from an idea described in a few sentences to a justification and demonstration that it actually works.

If you are interested in high assurance software or free-libre/open source software (FLOSS), take a peek at my paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS), which examines the relationship between them; in particular, it lists FLOSS tools that can be helpful in developing higher-assurance software.

Some other papers of mine might be of interest to you. For example, many look at my paper Why Open Source Software / Free Software? Look at the Numbers! Feel free to see my main web site at http://www.dwheeler.com.