Secure C programming


Rico Secada

Hi.

Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

Preferably with examples.

Best regards.

Rico.
 

Walter Roberson

Rico Secada said:
Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

No, no text on security can be complete, particularly if you
mean "programming in C" in the larger sense of allowing system
extensions and calls to the operating system, not just using the
functions provided as part of the C language and standard C library
itself.
 

jacob navia

Rico said:
Hi.

Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

Preferably with examples.

Best regards.

Rico.

There are several good books.

1) “Safer C”, Les Hatton
2) Writing secure code, Howard and LeBlanc
3) Secure coding in C and C++, Robert C Seacord

I find the first one the best.
 

jacob navia

Walter said:
No, no text on security can be complete, particularly if you
mean "programming in C" in the larger sense of allowing system
extensions and calls to the operating system, not just using the
functions provided as part of the C language and standard C library
itself.

Why do you ignore the very rich literature about this?
All those books are just nonsense?

Please, if you do not know this subject, do not send this kind
of misinformation.

Thanks
 

Harald van Dijk

Why do you ignore the very rich literature about this? All those books
are just nonsense?

They are not complete. They are not nonsense, but for any book on
security, there will be issues not addressed.
 

Walter Roberson

Walter said:
Why do you ignore the very rich literature about this?
All those books are just nonsense?

I didn't say that any reference material on the subject was "nonsense":
I said that it wasn't "complete".
Please, if you do not know this subject, do not send this kind
of misinformation.

"Security is a process, not a product."

(Bruce Schneier, "Secrets and Lies", preface
http://www.schneier.com/book-sandl-pref.html )

If you could create a *complete* text on security in C (especially
if OS calls are to be allowed) then you would have created a security
*product*, a finished thing that you expected would be secure against
all known and yet-to-be-discovered attacks. Security in the real world
doesn't work that way.

There can be texts describing lessons learned from the past and
giving very valuable information about how to avoid what has gone
before -- but those texts are not going to be *complete*.


Perhaps, Jacob, this is a language difference. In English, a "complete
text" would be one that contains everything there is to know about the
subject, not just everything -currently- known on an evolving topic.
For example, there could hypothetically be a "complete" book describing
every type of Wedgwood china made between 1914 and 1952, but there
cannot, for example, be a "complete" book describing all the species of
worms on earth, as there are many still unclassified and many still
being discovered.
 

Randy Howard

There are several good books.

1) “Safer C”, Les Hatton
2) Writing secure code, Howard and LeBlanc
3) Secure coding in C and C++, Robert C Seacord

I find the first one the best.

And if you want to know what the black hats are up to, reading The
Shellcoder's Handbook, by Koziol and others is a good start.
 

Robert Gamble

There are several good books.

1) "Safer C", Les Hatton
2) Writing secure code, Howard and LeBlanc
3) Secure coding in C and C++, Robert C Seacord

I find the first one the best.

I've never seen the first one so I can't comment. From the table of
contents and the reviews I have read, the second one appears to be
strongly focused on Windows. The last one is on my bookshelf, I would
definitely recommend it.
 

Ivan Novick

Hi.

Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

Preferably with examples.

Best regards.

Rico.

Ummm... not sure that question really makes any sense.

It completely depends on what type of app you are creating and what
"security" threats you are trying to defend against.

Regards,
Ivan Novick
http://www.0x4849.net
 

Rico Secada

I've never seen the first one so I can't comment. From the table of
contents and the reviews I have read, the second one appears to be
strongly focused on Windows. The last one is on my bookshelf, I would
definitely recommend it.

Thank you both for those recommendations! Just what I was looking for.
 

Chris Thomasson

Rico Secada said:
Hi.

Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

Preferably with examples.

Don't program C if you don't know how to avoid common pitfalls; C gets a bad
rap sometimes. It's the fault of all the _lazy/crap_ programmers out there
which frequently create applications that do not even seem to have any sense
of where their buffer(s) begin, or _end_!!

Yikes! ;^(...
 

Chris Hills

Rico Secada said:
Hi.

Doesn't there exist any complete texts on what to do and not do when
programming in C, from a security perspective?

No... In a word.

There are several general texts. For example Les Hatton's Safer C

Then there is
https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards

Parts of it are based on MISRA-C:1998.

There is an ISO working group on Vulnerabilities looking at language
vulnerabilities generically and specifically across a range of languages
including C. It is intended that the MISRA-C:2010 will also
incorporate the relevant parts of OWG-V and cover C security as well as
safety.

The work shows that there is a major overlap between safety-reliability
and security. In fact we found that the two communities were often
looking at the same problem with a different perspective.

Safety wants a robust and reliable system no matter what happens i.e.
random inputs and accidental problems etc. whereas security wants the
same but assumes intentional and intelligent abuse of the system. In
many cases it is the same problem just worded differently.

The problem with C is there are two types of security threat. C
language generic and architecture-compiler specific.

So it depends on what you are developing on what architecture with which
compiler.
 

jacob navia

Chris said:
Don't program C if you don't know how to avoid common pitfalls; C gets a
bad rap sometimes. It's the fault of all the _lazy/crap_ programmers out
there which frequently create applications that do not even seem to have
any sense of where their buffer(s) begin, or _end_!!

Yikes! ;^(...

Here we have the example of somebody that can't answer a simple
question and starts ranting for no reason.
 

Rico Secada

Don't program C if you don't know how to avoid common pitfalls; C
gets a bad rap sometimes. It's the fault of all the _lazy/crap_
programmers out there which frequently create applications that do
not even seem to have any sense of where their buffer(s) begin, or
_end_!!

Yikes! ;^(...

Dude!? It's like saying "Don't approach the water if you don't know how
to swim!", well how do you then learn to swim, if you can't approach
the water. Damn!
 

Chris Thomasson

jacob navia said:
Here we have the example of somebody that can't answer a simple
question and starts ranting for no reason.
[...]

Sorry about that. It's just that C can be used to create bug-free programs. It
takes a level of level that a lot of programmers don't seem to have...

Is that a radical line of thinking?
 

Chris Thomasson

Chris Thomasson said:
jacob navia said:
Here we have the example of somebody that can't answer a simple
question and starts ranting for no reason.
[...]

Sorry about that. It's just that C can be used to create bug-free programs.
It takes a level of level that a lot of programmers don't seem to have...
^^^^^^^^^^^^^^^^^^^^^^^^

level of patience
 

jacob navia

Chris said:
jacob navia said:
Here we have the example of somebody that can't answer a simple
question and starts ranting for no reason.
[...]

Sorry about that. It's just that C can be used to create bug-free
programs. It takes a level of level that a lot of programmers don't seem
to have...

Is that a radical line of thinking?

This is a much better answer. A person that wants to learn how
to program in C without doing the beginner's mistakes is well
served by a good book. And there are good ones, as many people
here have pointed out.

Thanks for clarifying your position.
 

Golden California Girls

Chris said:
Don't program C if you don't know how to avoid common pitfalls; C gets a
bad rap sometimes. It's the fault of all the _lazy/crap_ programmers out
there which frequently create applications that do not even seem to have
any sense of where their buffer(s) begin, or _end_!!

Yikes! ;^(...

Think your finger is pointing in the wrong direction. Anyone who knows humans
knows that an IQ of 100 is average. A person who designs something that they
know will be used by an average person but doesn't design it for use by such a
person is the one who should have the fault heaped on them. When the standard
library and strings were defined, security may not have been an issue. Bad
future prediction I will forgive. However I can't forgive the standards people
for continuing to permit it. Depreciated should be enforced. Yes, break the
program or make them compile it under the old standard.
 

Walter Roberson

A person who designs something that they
know will be used by an average person but doesn't design it for use by such a
person is the one who should have the fault heaped on them.

I really don't think that the people who designed C had in mind
designing it for use by the "average person". They were trying
to solve a specific problem, not trying to create something for
the average person to use.
 
