Hi, I am building my own TCP daemon for easing some routine admin stuff... I am no expert on security,. I would really appreciate it if someone sent me some pointers to writing TCP daemons that are hacker-proof( i know there is nothing like that...but I do not want to be making mistakes in coding that are well known.. ;) The daemon runs as root....so that is why I am woried.... Thx, Arni
Arni,> I am building my own TCP daemon for easing some routine admin stuff... I am > no expert on security,. I would really appreciate it if someone sent me some > pointers to writing TCP daemons that are hacker-proof( i know there is > nothing like that...but I do not want to be making mistakes in coding that > are well known.. ;) > > The daemon runs as root....so that is why I am woried....book: Practical UNIX & Internet Security (O'Reilly) linux security audit FAQ This contains abundant references to further things such as Matt Bishop's articles and Adam Shostack's review guide. http://www-jcr.lmh.ox.ac.uk./~security You could also try explaining what this tool does and why it is needed. If it is going to be open-source I'll have a look at it and you might want to invite comments from security-audit@ferret.lmh.ox.ac.uk. -- ############################################################## # Antonomasia ant@notatla.demon.co.uk # # See http://www.notatla.demon.co.uk/ # ##############################################################
Ami Here are a couple of resources to check out http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html http://olympus.cs.ucdavis.edu/~bishop/ Matt Bishop has a good paper on writing secure setuid programs. I was fortunate enough to be at SANS in Baltimore to catch Mr. Bishops talk and got some very useful information for auditing code. I hope this helps you out, Cohen At 02:24 PM 11/26/99 -0500, Arni Raghu wrote:>Hi, >I am building my own TCP daemon for easing some routine admin stuff... I am >no expert on security,. I would really appreciate it if someone sent me some >pointers to writing TCP daemons that are hacker-proof( i know there is >nothing like that...but I do not want to be making mistakes in coding that >are well known.. ;) > >The daemon runs as root....so that is why I am woried.... > >Thx, >Arni > >-- >---------------------------------------------------------------------- >Please refer to the information about this list as well as general >information about Linux security at http://www.aoy.com/Linux/Security. >---------------------------------------------------------------------- > >To unsubscribe: > mail -s unsubscribe linux-security-request@redhat.com < /dev/null-- Imagine the impasse of a one god universe. God can not go anywhere because god is already everywhere. God can not do anything because the act of doing re supposes opposition. - W. S. Burroughs
On Fri, 26 Nov 1999, Arni Raghu wrote:> Hi, > I am building my own TCP daemon for easing some routine admin stuff... I am > no expert on security,. I would really appreciate it if someone sent me some > pointers to writing TCP daemons that are hacker-proof( i know there is > nothing like that...but I do not want to be making mistakes in coding that > are well known.. ;) > > The daemon runs as root....so that is why I am woried....You need to ask yourself "does this thing really need to run as root?" and "how can I do this without running as root or using suid or sgid bits?" -- David Griffith dgriffi@cs.csubak.edu