RE: Writing Secure code[update]

From: Michael Howard (mikehowat_private)
Date: Tue Dec 31 2002 - 11:49:48 PST

  • Next message: Crispin Cowan: "Re: Writing Secure code[update]"

    >>(Say this could start from as simple a thing like ONLY using checked
    functions like strncpy() instead of strcpy.)
    
    
    This is utterly incorrect: swapping out strcpy for strncpy won't help.
    You can write perfectly secure code using strcpy if you trust the input,
    and you can write perfectly insecure code with strncpy if you get the
    buffer size calc wrong...
    
    Take a look at this code, it's perfectly secure, right, because it's
    using the 'n' versions... Right?
    
    #define SIZE(b) (sizeof(b))
    char buff[128];
    strncpy(buff,szSomeData,SIZE(buff));      /* leaves no NUL if szSomeData is 128+ bytes */
    strncat(buff,szMoreData,SIZE(buff));      /* count is the whole buffer, not the room left */
    strncat(buff,szEvenMoreData,SIZE(buff));  /* same mistake: appends up to 128 more bytes */
    
    WRONG!!
    
    Cheers, Michael
    Secure Windows Initiative
    Writing Secure Code 2nd Edition
    http://www.microsoft.com/mspress/books/5957.asp
    
    
    -----Original Message-----
    From: Rahul Chander Kashyap [mailto:rahulat_private] 
    Sent: Tuesday, December 31, 2002 2:20 AM
    To: Matt McClellan; viegaat_private
    Cc: secprogat_private
    
    Hi people,
    First of all I'm thankful to all for responding to my query. Well, this
    shows one thing for sure: we share similar concerns :-) Actually I'm
    quite surprised that no one as yet has said "yes! we follow some
    standards to (or rather attempt to) make our coding more secure".
    So, how about directing our focus with an aim at reaching a
    methodology/conclusion as to what can be done (by us + others) to, say,
    bring up some ideas of some kind of a standard/practice which aims at
    following certain guidelines to be taken at the design stage of any
    software development process that could help us prevent the code getting
    exploited. (If something like this already exists please do let me
    know; this shall save a lot of time!)
    Yes, there are books, I agree, but then if we follow something as a
    standard I'm sure that it shall be more universally accepted and we also
    could improve on those!
    These practices could also be platform dependent.
    I would like to add here that yes! I agree with all those who say that
    what if the OS itself is to blame, the libraries are buggy, etc. etc. But
    from our/the developer point of view shouldn't we have a practice that
    should be adhered to??
    (Say this could start from as simple a thing like ONLY using checked
    functions like strncpy() instead of strcpy.)
    
    And yes, let us not focus on the *buggy* aspect of the code because out
    here we're trying to make sure that what we've written is not
    exploitable due to *holes* left by the coder. Someone put it very well:
        * Reliable: something that does everything it is specified to do.
        * Secure: something that does everything it is specified to do... and
          nothing else.
    I agree that there is a very thin line between the two ;-) Please do let
    me know what you people feel of this proposal. I'm open to forming a group
    (if required) and doing some kind of research on this aspect.
    I too believe that *absolute security is a myth*, but I do believe in
    taking some steps so as to reach as close as possible to, say, *high grade
    security!*
    :o) Any takers on this???
    
    Have a fabulous new year!
    Regards,
    
    Rahul C. Kashyap
    Software Developer
    www.nsecure.net
    -------------------
    Layered Defence
    -------------------
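The overrun Michael Howard's snippet hides, worked through as an added example that is not part of either message in the thread. The naive sequence is his three calls run unchanged, except that the 128-byte buffer is the front of a larger canary-filled array so the bytes written past buff[127] can be counted instead of smashing the stack; fixed_concat is the same three library calls with the size arithmetic done right. The function and helper names, and the three 100-byte inputs, are constructed for this example; it assumes a C99 compiler and standard strncpy/strncat semantics.

```c
#include <stdio.h>
#include <string.h>

enum { BUFF_SIZE = 128, CANARY_SIZE = 512, PART_LEN = 100 };
#define CANARY_BYTE 0xAA

/* Constructed sample input: three 100-character strings, each well under
 * 128 bytes on its own but 300 bytes in total (example data, not from the post). */
static void make_parts(char *a, char *b, char *c)
{
    memset(a, 'A', PART_LEN); a[PART_LEN] = '\0';
    memset(b, 'B', PART_LEN); b[PART_LEN] = '\0';
    memset(c, 'C', PART_LEN); c[PART_LEN] = '\0';
}

/* The post's three calls, unchanged except that the 128-byte destination is
 * the front of a larger canary-filled array, so bytes that land past
 * buff[127] can be counted instead of corrupting the stack.
 * Returns how many bytes were written beyond the 128-byte buffer.
 * Callers must keep strlen(a) < 128 so the first strncpy leaves a NUL;
 * otherwise strncat's own strlen(buff) would read off the end. */
size_t naive_concat_overrun(const char *a, const char *b, const char *c)
{
    unsigned char backing[BUFF_SIZE + CANARY_SIZE];
    char *buff = (char *)backing;   /* stands in for char buff[128] */
    size_t clobbered = 0;

    memset(backing, CANARY_BYTE, sizeof backing);

    strncpy(buff, a, BUFF_SIZE);  /* SIZE(buff): no NUL if strlen(a) >= 128 */
    strncat(buff, b, BUFF_SIZE);  /* appends up to 128 MORE bytes; room left is 128 - strlen(buff) - 1 */
    strncat(buff, c, BUFF_SIZE);  /* same mistake again */

    for (size_t i = BUFF_SIZE; i < sizeof backing; i++)
        if (backing[i] != CANARY_BYTE)
            clobbered++;
    return clobbered;
}

/* Same three library calls with the size arithmetic done properly: the
 * count passed to strncat is the space remaining, not the buffer size, and
 * the buffer is NUL-terminated after strncpy. Returns 0 if everything fit,
 * 1 if the result was truncated, so the caller can refuse rather than
 * silently continue with a mangled string. */
int fixed_concat(char *dst, size_t dstsize, const char *a, const char *b, const char *c)
{
    if (dstsize == 0)
        return 1;
    strncpy(dst, a, dstsize - 1);
    dst[dstsize - 1] = '\0';                      /* strncpy may not terminate */
    strncat(dst, b, dstsize - strlen(dst) - 1);   /* room left, excluding the NUL */
    strncat(dst, c, dstsize - strlen(dst) - 1);
    return (strlen(a) + strlen(b) + strlen(c) < dstsize) ? 0 : 1;
}

/* Harness helpers so both behaviours can be compared on the same input. */
size_t demo_overrun(void)
{
    char a[PART_LEN + 1], b[PART_LEN + 1], c[PART_LEN + 1];
    make_parts(a, b, c);
    return naive_concat_overrun(a, b, c);
}

int demo_fixed_truncated(void)
{
    char a[PART_LEN + 1], b[PART_LEN + 1], c[PART_LEN + 1], buff[BUFF_SIZE];
    make_parts(a, b, c);
    return fixed_concat(buff, sizeof buff, a, b, c);
}

size_t demo_fixed_len(void)
{
    char a[PART_LEN + 1], b[PART_LEN + 1], c[PART_LEN + 1], buff[BUFF_SIZE];
    make_parts(a, b, c);
    fixed_concat(buff, sizeof buff, a, b, c);
    return strlen(buff);
}

/* Small input that fits: result must be the plain concatenation, untruncated. */
int demo_fixed_fits(void)
{
    char buff[16];
    int truncated = fixed_concat(buff, sizeof buff, "foo", "bar", "baz");
    return truncated == 0 && strcmp(buff, "foobarbaz") == 0;
}

int main(void)
{
    printf("naive: %zu bytes written past the 128-byte buffer\n", demo_overrun());
    printf("fixed: %zu bytes kept, truncated=%d\n", demo_fixed_len(), demo_fixed_truncated());
    printf("fixed, small input ok=%d\n", demo_fixed_fits());
    return 0;
}
```

With three 100-byte inputs the naive sequence writes 173 bytes past the end of the 128-byte buffer (72 bytes of the second string, all 100 of the third, plus the terminator), even though every call used an 'n' function and every count was sizeof(buff). The fixed version keeps 127 bytes, terminates, and reports truncation; the practitioner's check is that reported truncation is then treated as an error, not ignored.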
    



    This archive was generated by hypermail 2b30 : Tue Dec 31 2002 - 18:18:58 PST