RE: safe strcpy()?
From: Michael Howard (mikehow@microsoft.com)
Date: 01/29/03
- Previous message: Sandeep Giri: "Security Auditing Report Conventions and Standards"
- Maybe in reply to: Ed Carp: "safe strcpy()?"
- Next in thread: Dave Aitel: "Re: safe strcpy()?"
- Reply: Dave Aitel: "Re: safe strcpy()?"
- Reply: Ben Pfaff: "Re: safe strcpy()?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jan 2003 13:06:41 -0800
From: "Michael Howard" <mikehow@microsoft.com>
To: "Hall, Philip" <phall@spss.com>, <secprog@securityfocus.com>
The point I'm making is people seem to think they can write crap code,
then blindly replace the calls to strcpy with strncpy and all of a sudden
their code is safe. It's not! You MUST validate the untrusted data. Oh,
and while you're at it - use 'safer' functions and compile with a
stack-smashing detection capability such as VC++'s -GS or Crispin's
StackGuard.
Then run tools over the code that model data flow through the app - just
in case you missed something...
And finally, have someone that understands this stuff review your code -
just in case you missed something...
Just a small data item: whenever I ask a bunch of developers whether you
should accommodate for the trailing '\0' when determining the buffer
size in a call to strncpy or strncat, 50% say YES, and 50% say NO...
That means 50% are WRONG!! That's how buffer overruns occur...
A stupid developer using 'safe' functions will produce stupid code!!
There's no replacement for education, discipline and skill I'm afraid.
Cheers, Michael
Secure Windows Initiative
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp
-----Original Message-----
From: Hall, Philip [mailto:phall@spss.com]
Sent: Tuesday, January 28, 2003 8:01 PM
To: secprog@securityfocus.com
> Of course, the real way to build secure software is not to use "safe"
> functions, but to check data validity :-)
Hang on, that sounds akin to not having locks (safe functions) on your
front door, but posting a guard (data validation) at the end of your
driveway...hmmmmm I think I'll stick to my eXtreme Defensive
Programming (XDP) and be paranoid about everything...unless you meant
that by *adding* the data validity to the 'safe' functions to beef them
up...?
--phil
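As an added example for this archive page (not code from Michael Howard, Philip Hall or anyone else in the thread), here is the '\0' accounting Michael refers to, in C: the first function shows when strncpy leaves no terminator at all, the other two validate the input length against the buffer before copying or appending. The function names are my own.

```c
#include <stddef.h>
#include <string.h>

/* The pitfall from the thread: strncpy(dst, src, dst_size) writes no
   terminator at all when strlen(src) >= dst_size. Returns 1 if dst is
   NUL-terminated afterwards, 0 if it is not. */
int strncpy_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Validate, then copy: scan src no further than dst_size bytes, refuse
   anything that does not fit together with its '\0', always terminate.
   Returns 1 on success, 0 on rejection (an oversized src leaves dst empty). */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {          /* no room left for the trailing '\0' */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 1;
}

/* Append with strncat: the size argument is the free space MINUS ONE,
   because strncat itself writes a '\0' after the bytes it copies.
   Rejects input that does not fit rather than silently truncating. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0, room;
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size)         /* dst is not terminated: refuse */
        return 0;
    room = dst_size - used - 1;   /* the -1 reserves the trailing '\0' */
    if (strlen(src) > room)
        return 0;
    strncat(dst, src, room);
    return 1;
}
```

With an 8-byte buffer, a 7-character string is the longest that both strncpy and safe_copy leave terminated; an 8-character one passes strncpy's size check but loses its '\0'.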