Ted Unangst wrote: > On 4/21/06, Joco Salvatti <[EMAIL PROTECTED]> wrote: >> Does anyone know a book, tutorial or documents of any kind that treat >> about secure programming over OpenBSD? Since OpenBSD implements many >> secure system calls and lots of other methods that are much more >> secure that respective implementations in other platforms: mkstem, >> strlcpy, strlcat... > > i'd start by looking at events.html and the presentations various > people have been giving. the only worthwhile book in the genre i've > seen is "secure coding in c and c++" by robert seacord. it covers a > few openbsd only features (malloc.conf, ...). > > in general though, programming is like juggling or riding a bike. > reading a book will not make you good at it. > > Before programming securely you must program correctly. One thing will give you to the other.
man style (9) Can give a good start point. Also search for kernel normal form in the google and in the wikipedia and some interesting links may appear. And, of course, read the manual pages of the functions you will use, preferably, in many systems, to compare their implementations. At least i did this way. Also, a good trick, is to read the source of some programs that are known to be secure. OpenSSH is a good start. Even if you can't understand what each function is doing, at least you'll see the implementations of some functions that will you want to use. My 2 cents, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
