|
Secure Programming
Writing Secure code Dec 27 2002 12:46PM Rahul Chander Kashyap (rahul nsecure net) (6 replies) Re: Writing Secure code Dec 27 2002 06:03PM Valdis Kletnieks vt edu (2 replies) RE: Writing Secure code Dec 27 2002 08:51PM Roger Alexander (rta cs colostate edu) (1 replies) RE: Writing Secure code Dec 30 2002 12:41PM Matt McClellan (mmcclellan nfr com) (2 replies) Re: Writing Secure code[update] Dec 31 2002 10:20AM Rahul Chander Kashyap (rahul nsecure net) (2 replies) Re: Writing Secure code Dec 27 2002 05:43PM John Viega (viega list org) (2 replies) |
|
|
Privacy Statement |
Well, clearly the environment plays a factor. Indeed, we will agree
that an environment where there are no SMB shares, the applications I
was describing really can be "probably" secure if coded carefully
against possible risks from local users, because they don't have any
sensitive data themselves to manipulate and they don't introduce a path
to escalating privilege on the machine in which they run. In an
environment where there's only a single local user, then there really
is no issue.
However, when doing audits of the security of an application, we try to
assume the absolute worst case deployment environment. That is, you
should always be asking yourself about the circumstances that might
actually introduce risks you weren't already considering. Often, this
will lead you to risk from insiders, including physical security.
Usually, such risks aren't in a developer's threat model, even when
they should be.
John
On Friday, December 27, 2002, at 03:59 PM, Matt McClellan wrote:
> I would explicitly qualify "not exploitable" as "not exploitable in a
> given
> environment". Developers will generally have to make some assumptions
> when
> writing code. Take that code to an environment where one of the
> assumptions
> is invalid and there might be an exploit. I don't see how writing
> something
> that is absolutely "not exploitable" is any more possible than "total
> security".
>
> --Matt
>
>> -----Original Message-----
>> From: John Viega [mailto:viega (at) list (dot) org [email concealed]]
>> Sent: Friday, December 27, 2002 12:44 PM
>> To: Rahul Chander Kashyap
>> Cc: secprog (at) securityfocus (dot) com [email concealed]
>> Subject: Re: Writing Secure code
>>
>>
>> Of course it's possible to write something that's not exploitable.
>> However, it's tougher than most people think. For example, I've seen
>> applications that the authors assumed were not networked whatsoever,
>> and had no special local privilege. However, if the files they read
>> and wrote were stored on a remote file system such as an SMB mount,
>> then their otherwise non-networked program was completely exploitable.
>>
>> John
>>
>> On Friday, December 27, 2002, at 07:46 AM, Rahul Chander Kashyap
>> wrote:
>>
>>> Hi people,
>>>
>>> I've been going through some articles on how to write secure code
>>> esp.
>>> from: http://www.shmoo.com/securecode/
>>>
>>> I am looking for something more specific for the windows platform.
>>> Are
>>> there any specific guidelines/standards that one could follow?
>>>
>>> And one more thing...<this one might be intresting ;-)> Is it
>>> possible
>>> to write code that is completely secure and not exploitable?
>>>
>>> Thanks for parsing thru my mail :-)
>>>
>>> Regards,
>>>
>>> Rahul Kashyap
>>>
>>> www.nsecure.net
>>> ------------------------
>>> Layered Defence
>>> ------------------------
>>>
>>>
>>
>>
>
[ reply ]