87380 2002-12-31  15:24  /27 lines/ David Wheeler <dwheeler@ida.org>
Imported: 2002-12-31  15:24  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <2907>
Subject: Updated "Secure Programming for Linux and Unix HOWTO" now available.
------------------------------------------------------------
The latest version of my book, "Secure Programming for Linux and Unix HOWTO",
is now available!  You can freely download it in a variety of formats at:
  http://www.dwheeler.com/secure-programs

This book provides a set of design and implementation guidelines for
writing secure programs for Linux and Unix systems. Such programs
include application programs used as viewers of remote data, web
applications (including CGI scripts), network servers, and
setuid/setgid programs. This document includes specific guidance for
a number of languages, including C, C++, Java, Perl, Python, and
Ada95.

This is version 3.005, dated 30 December 2002.  Compared to version
3.000, this version adds new text on handling tmp files where there
are tmp cleaners running (true on most real systems - this causes
particular problems with mktemp(1)), notes on avoiding buffer
overflow in FD_SET/FD_CLR(), and a long discussion on a new attack
against web-based systems: session fixation.  I also added text about
protecting secrets in memory.

Enjoy, and happy new year.


--- David A. Wheeler
(87380) /David Wheeler <dwheeler@ida.org>/(Rewrapped)