
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>Secure Programming for Linux HOWTO: References</TITLE>
 <LINK HREF="Secure-Programs-HOWTO-12.html" REL=next>
 <LINK HREF="Secure-Programs-HOWTO-10.html" REL=previous>
 <LINK HREF="Secure-Programs-HOWTO.html#toc11" REL=contents>
</HEAD>
<BODY>
<A HREF="Secure-Programs-HOWTO-12.html">Next page</A>
<A HREF="Secure-Programs-HOWTO-10.html">Previous page</A>
<A HREF="Secure-Programs-HOWTO.html#toc11">Table of contents</A>
<HR>
<H2><A NAME="s11">11. References</A></H2>

<P><I>Note that the emphasis here is on technical documents that are
available on web sites, because most technical information of this kind
can be obtained from the web.</I>
<P>[Al-Herbish 1999]
Al-Herbish, Thamer.
1999.
<I>Secure Unix Programming FAQ</I>.
<A HREF="http://www.whitefang.com/sup">http://www.whitefang.com/sup</A>.
<P>[Aleph1 1996]
Aleph1.
November 8, 1996.
``Smashing The Stack For Fun And Profit.''
<I>Phrack Magazine</I>.
Issue 49, Article 14.
<A HREF="http://www.phrack.com/search.phtml?view&amp;article=p49-14">http://www.phrack.com/search.phtml?view&amp;article=p49-14</A>
or alternatively
<A HREF="http://www.2600.net/phrack/p49-14.html">http://www.2600.net/phrack/p49-14.html</A>.
<P>[Anonymous unknown]
<I>SETUID(7)</I>.
<A HREF="http://www.homeport.org/~adam/setuid.7.html">http://www.homeport.org/~adam/setuid.7.html</A>.
<P>[AUSCERT 1996]
Australian Computer Emergency Response Team (AUSCERT) and O'Reilly.
May 23, 1996 (rev 3C).
<I>A Lab Engineers Check List for Writing Secure Unix Code</I>.
<A HREF="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist</A>.
<P>[Bach 1986]
Bach, Maurice J.
1986.
<I>The Design of the Unix Operating System</I>.
Englewood Cliffs, NJ: Prentice-Hall, Inc.
ISBN 0-13-201799-7 025.
<P>[Bellovin 1989]
Bellovin, Steven M.
April 1989.
``Security Problems in the TCP/IP Protocol Suite.''
<I>Computer Communications Review</I> 2:19, pp. 32-48.
<A HREF="http://www.research.att.com/~smb/papers/ipext.pdf">http://www.research.att.com/~smb/papers/ipext.pdf</A>.
<P>[Bellovin 1994]
Bellovin, Steven M.
December 1994.
<I>Shifting the Odds -- Writing (More) Secure Software</I>.
Murray Hill, NJ: AT&amp;T Research.
<A HREF="http://www.research.att.com/~smb/talks">http://www.research.att.com/~smb/talks</A>.
<P>[Bishop 1996]
Bishop, Matt.
May 1996.
``UNIX Security: Security in Programming.''
<I>SANS '96</I>. Washington DC (May 1996).
<A HREF="http://olympus.cs.ucdavis.edu/~bishop/secprog.html">http://olympus.cs.ucdavis.edu/~bishop/secprog.html</A>.
<P>[Bishop 1997]
Bishop, Matt.
October 1997.
``Writing Safe Privileged Programs.''
<I>Network Security 1997</I>. New Orleans, LA.
<A HREF="http://olympus.cs.ucdavis.edu/~bishop/secprog.html">http://olympus.cs.ucdavis.edu/~bishop/secprog.html</A>.
<P>[CC 1999]
<I>The Common Criteria for Information Technology Security Evaluation
(CC)</I>.
August 1999.
Version 2.1.
Technically identical to International Standard ISO/IEC 15408:1999.
<A HREF="http://csrc.nist.gov/cc/ccv20/ccv2list.htm">http://csrc.nist.gov/cc/ccv20/ccv2list.htm</A>.
<P>[CERT 1998]
Computer Emergency Response Team (CERT) Coordination Center (CERT/CC).
February 13, 1998.
<I>Sanitizing User-Supplied Data in CGI Scripts</I>.
CERT Advisory CA-97.25.CGI_metachar.
<A HREF="http://www.cert.org/advisories/CA-97.25.CGI_metachar.html">http://www.cert.org/advisories/CA-97.25.CGI_metachar.html</A>.
<P>[CMU 1998]
Carnegie Mellon University (CMU).
February 13, 1998.
Version 1.4.
``How To Remove Meta-characters From User-Supplied Data In CGI Scripts.''
<A HREF="ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters">ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters</A>.
<P>[Cowan 1999]
Cowan, Crispin, Perry Wagle, Calton Pu, Steve Beattie, and
Jonathan Walpole.
``Buffer Overflows: Attacks and Defenses for the Vulnerability
of the Decade.''
<I>Proceedings of DARPA Information Survivability Conference and Expo (DISCEX)</I>,
<A HREF="http://schafercorp-ballston.com/discex">http://schafercorp-ballston.com/discex</A>.
To appear at SANS 2000,
<A HREF="http://www.sans.org/newlook/events/sans2000.htm">http://www.sans.org/newlook/events/sans2000.htm</A>.
For a copy, see
<A HREF="http://immunix.org/documentation.html">http://immunix.org/documentation.html</A>.
<P>[Fenzi 1999]
Fenzi, Kevin, and Dave Wrenski.
April 25, 1999.
<I>Linux Security HOWTO</I>.
Version 1.0.2.
<A HREF="http://www.linuxdoc.org/HOWTO/Security-HOWTO.html">http://www.linuxdoc.org/HOWTO/Security-HOWTO.html</A>.
<P>[FreeBSD 1999]
FreeBSD, Inc.
1999.
``Secure Programming Guidelines.''
<I>FreeBSD Security Information</I>.
<A HREF="http://www.freebsd.org/security/security.html">http://www.freebsd.org/security/security.html</A>.
<P>[FSF 1998]
Free Software Foundation.
December 17, 1999.
<I>Overview of the GNU Project</I>.
<A HREF="http://www.gnu.ai.mit.edu/gnu/gnu-history.html">http://www.gnu.ai.mit.edu/gnu/gnu-history.html</A>.
<P>[Galvin 1998a]
Galvin, Peter.
April 1998.
``Designing Secure Software.''
<I>Sunworld</I>.
<A HREF="http://www.sunworld.com/swol-04-1998/swol-04-security.html">http://www.sunworld.com/swol-04-1998/swol-04-security.html</A>.
<P>[Galvin 1998b]
Galvin, Peter.
August 1998.
``The Unix Secure Programming FAQ.''
<I>Sunworld</I>.
<A HREF="http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html">http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html</A>.
<P>[Garfinkel 1996]
Garfinkel, Simson and Gene Spafford.
April 1996.
<I>Practical UNIX &amp; Internet Security, 2nd Edition</I>.
ISBN 1-56592-148-8.
Sebastopol, CA: O'Reilly &amp; Associates, Inc.
<A HREF="http://www.oreilly.com/catalog/puis">http://www.oreilly.com/catalog/puis</A>.
<P>[Gong 1999]
Gong, Li.
June 1999.
<I>Inside Java 2 Platform Security</I>.
Reading, MA: Addison Wesley Longman, Inc.
ISBN 0-201-31000-7.
<P>[Gundavaram Unknown]
Gundavaram, Shishir, and Tom Christiansen.
Date Unknown.
<I>Perl CGI Programming FAQ</I>.
<A HREF="http://language.perl.com/CPAN/doc/FAQs/cgi/perl-cgi-faq.html">http://language.perl.com/CPAN/doc/FAQs/cgi/perl-cgi-faq.html</A>.
<P>[Kim 1996]
Kim, Eugene Eric.
1996.
<I>CGI Developer's Guide</I>.
SAMS.net Publishing.
ISBN 1-57521-087-8.
<A HREF="http://www.eekim.com/pubs/cgibook">http://www.eekim.com/pubs/cgibook</A>.
<P>[McClure 1999]
McClure, Stuart, Joel Scambray, and George Kurtz.
1999.
<I>Hacking Exposed: Network Security Secrets and Solutions</I>.
Berkeley, CA: Osborne/McGraw-Hill.
ISBN 0-07-212127-0.
<P>[Miller 1999]
Miller, Todd C. and Theo de Raadt.
``strlcpy and strlcat -- Consistent, Safe, String Copy and Concatenation.''
<I>Proceedings of Usenix '99</I>.
<A HREF="http://www.usenix.org/events/usenix99/millert.html">http://www.usenix.org/events/usenix99/millert.html</A> and
<A HREF="http://www.usenix.org/events/usenix99/full_papers/millert/PACKING_LIST">http://www.usenix.org/events/usenix99/full_papers/millert/PACKING_LIST</A>.
<P>[Mudge 1995]
Mudge.
October 20, 1995.
<I>How to write Buffer Overflows</I>.
l0pht advisories.
<A HREF="http://www.l0pht.com/advisories/bufero.html">http://www.l0pht.com/advisories/bufero.html</A>.
<P>[OSI 1999]
Open Source Initiative.
1999.
<I>The Open Source Definition</I>.
<A HREF="http://www.opensource.org/osd.html">http://www.opensource.org/osd.html</A>.
<P>[Pfleeger 1997]
Pfleeger, Charles P.
1997.
<I>Security in Computing</I>.
Upper Saddle River, NJ: Prentice-Hall PTR.
ISBN 0-13-337486-6.
<P>[Phillips 1995]
Phillips, Paul.
September 3, 1995.
<I>Safe CGI Programming</I>.
<A HREF="http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt">http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt</A>.
<P>[Raymond 1997]
Raymond, Eric.
1997.
<I>The Cathedral and the Bazaar</I>.
<A HREF="http://www.tuxedo.org/~esr/writings/cathedral-bazaar">http://www.tuxedo.org/~esr/writings/cathedral-bazaar</A>.
<P>[Raymond 1998]
Raymond, Eric.
April 1998.
<I>Homesteading the Noosphere</I>.
<A HREF="http://www.tuxedo.org/~esr/writings/homesteading/homesteading.html">http://www.tuxedo.org/~esr/writings/homesteading/homesteading.html</A>.
<P>[Ranum 1998]
Ranum, Marcus J.
1998.
<I>Security-critical coding for programmers -
a C and UNIX-centric full-day tutorial</I>.
<A HREF="http://www.clark.net/pub/mjr/pubs/pdf/">http://www.clark.net/pub/mjr/pubs/pdf/</A>.
<P>[RFC 822]
August 13, 1982.
<I>Standard for the Format of ARPA Internet Text Messages</I>.
IETF RFC 822.
<A HREF="http://www.ietf.org/rfc/rfc0822.txt">http://www.ietf.org/rfc/rfc0822.txt</A>.
<P>[rfp 1999]
rain.forest.puppy.
``Perl CGI problems.''
<I>Phrack Magazine</I>.
Issue 55, Article 07.
<A HREF="http://www.phrack.com/search.phtml?view&amp;article=p55-7">http://www.phrack.com/search.phtml?view&amp;article=p55-7</A>.
<P>[Saltzer 1974]
Saltzer, J.
July 1974.
``Protection and the Control of Information Sharing in MULTICS.''
<I>Communications of the ACM</I>.
v17 n7.
pp. 388-402.
<P>[Saltzer 1975]
Saltzer, J., and M. Schroeder.
September 1975.
``The Protection of Information in Computing Systems.''
<I>Proceedings of the IEEE</I>.
v63 n9.
pp. 1278-1308.
Summarized in [Pfleeger 1997, 286].
<P>[Schneier 1998]
Schneier, Bruce and Mudge.
November 1998.
<I>Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)</I>.
Proceedings of the 5th ACM Conference on Communications and Computer Security,
ACM Press.
<A HREF="http://www.counterpane.com/pptp.html">http://www.counterpane.com/pptp.html</A>.
<P>[Schneier 1999]
Schneier, Bruce.
September 15, 1999.
``Open Source and Security.''
<I>Crypto-Gram</I>.
Counterpane Internet Security, Inc.
<A HREF="http://www.counterpane.com/crypto-gram-9909.html">http://www.counterpane.com/crypto-gram-9909.html</A>.
<P>[Seifried 1999]
Seifried, Kurt.
October 9, 1999.
<I>Linux Administrator's Security Guide</I>.
<A HREF="http://www.securityportal.com/lasg">http://www.securityportal.com/lasg</A>.
<P>[Shostack 1999]
Shostack, Adam.
June 1, 1999.
<I>Security Code Review Guidelines</I>.
<A HREF="http://www.homeport.org/~adam/review.html">http://www.homeport.org/~adam/review.html</A>.
<P>[Sitaker 1999]
Sitaker, Kragen.
Feb 26, 1999.
<I>How to Find Security Holes</I>.
<A HREF="http://www.pobox.com/~kragen/security-holes.html">http://www.pobox.com/~kragen/security-holes.html</A> and
<A HREF="http://www.dnaco.net/~kragen/security-holes.html">http://www.dnaco.net/~kragen/security-holes.html</A>.
<P>[SSE-CMM 1999]
SSE-CMM Project.
April 1999.
<I>System Security Engineering Capability Maturity Model (SSE CMM)
Model Description Document</I>.
Version 2.0.
<A HREF="http://www.sse-cmm.org">http://www.sse-cmm.org</A>.
<P>[Stein 1999]
Stein, Lincoln D.
September 13, 1999.
<I>The World Wide Web Security FAQ</I>.
Version 2.0.1.
<A HREF="http://www.w3.org/Security/Faq/www-security-faq.html">http://www.w3.org/Security/Faq/www-security-faq.html</A>.
<P>[Thompson 1974]
Thompson, K. and D.M. Ritchie.
July 1974.
``The UNIX Time-Sharing System.''
<I>Communications of the ACM</I>.
Vol. 17, No. 7.
pp. 365-375.
<P>[Torvalds 1999]
Torvalds, Linus.
February 1999.
``The Story of the Linux Kernel.''
<I>Open Sources: Voices from the Open Source Revolution</I>.
Edited by Chris Dibona, Mark Stone, and Sam Ockman.
O'Reilly and Associates.
ISBN 1-56592-582-3.
<A HREF="http://www.oreilly.com/catalog/opensources/book/linus.html">http://www.oreilly.com/catalog/opensources/book/linus.html</A>.
<P>[Webber 1999]
Webber Technical Services.
February 26, 1999.
<I>Writing Secure Web Applications</I>.
<A HREF="http://www.webbertech.com/tips/web-security.html">http://www.webbertech.com/tips/web-security.html</A>.
<P>[Wood 1985]
Wood, Patrick H. and Stephen G. Kochan.
1985.
<I>Unix System Security</I>.
Indianapolis, Indiana: Hayden Books.
ISBN 0-8104-6267-2.
<P>[Wreski 1998]
Wreski, Dave.
August 22, 1998.
<I>Linux Security Administrator's Guide</I>.
Version 0.98.
<A HREF="http://www.nic.com/~dave/SecurityAdminGuide/index.html">http://www.nic.com/~dave/SecurityAdminGuide/index.html</A>.
<HR>
<A HREF="Secure-Programs-HOWTO-12.html">Next page</A>
<A HREF="Secure-Programs-HOWTO-10.html">Previous page</A>
<A HREF="Secure-Programs-HOWTO.html#toc11">Table of contents</A>
</BODY>
</HTML>