The Linux Programming Interface > Writing Secure Privileged Programs > Avoid Exposing Sensitive Information - Pg. : Safari Books Online

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

The Linux Programming Interface

The Linux Programming Interface

Search

Contents

Praise for The Linux Programming Interface

Ch. 1. History and Standards

Ch. 2. Fundamental Concepts

Ch. 3. System Programming Concepts

Ch. 4. File I/O: The Universal I/O Model

Ch. 5. File I/O: Further Details

Ch. 6. Processes

Ch. 7. Memory Allocation

Ch. 8. Users and Groups

Ch. 9. Process Credentials

Ch. 11. System Limits and Options

Ch. 12. System and Process Information

Ch. 13. File I/O Buffering

Ch. 14. File Systems

Ch. 15. File Attributes

Ch. 16. Extended Attributes

Ch. 17. Access Control Lists

Ch. 18. Directories and Links

Ch. 19. Monitoring File Events

Ch. 20. Signals: Fundamental Concepts

Ch. 21. Signals: Signal Handlers

Ch. 22. Signals: Advanced Features

Ch. 23. Timers and Sleeping

Ch. 24. Process Creation

Ch. 25. Process Termination

Ch. 26. Monitoring Child Processes

Ch. 27. Program Execution

Ch. 28. Process Creation and Program Execution in More Detail

Ch. 29. Threads: Introduction

Ch. 30. Threads: Thread Synchronization

Ch. 31. Threads: Thread Safety and Per-Thread Storage

Ch. 32. Threads: Thread Cancellation

Ch. 33. Threads: Further Details

Ch. 34. Process Groups, Sessions, and Job Control

Ch. 35. Process Priorities and Scheduling

Ch. 36. Process Resources

Ch. 37. Daemons

Ch. 38. Writing Secure Privileged Programs

Is a Set-User-ID or Set-Group-ID Program Required?

Operate with Least Privilege

Be Careful When Executing a Program

Avoid Exposing Sensitive Information

Confine the Process

Beware of Signals and Race Conditions

Pitfalls When Performing File Operations and File I/O

Don't Trust Inputs or the Environment

Beware of Buffer Overruns

Beware of Denial-of-Service Attacks

Check Return Statuses and Fail Safely

Ch. 39. Capabilities

Ch. 40. Login Accounting

Ch. 41. Fundamentals of Shared Libraries

Ch. 42. Advanced Features of Shared Libraries

Ch. 43. Interprocess Communication Overview

Ch. 44. Pipes and FIFOs

Ch. 45. Introduction to System V IPC

Ch. 46. System V Message Queues

Ch. 47. System V Semaphores

Ch. 48. System V Shared Memory

Ch. 49. Memory Mappings

Ch. 50. Virtual Memory Operations

Ch. 51. Introduction to POSIX IPC

Ch. 52. POSIX Message Queues

Ch. 53. POSIX Semaphores

Ch. 54. POSIX Shared Memory

Ch. 55. File Locking

Ch. 56. Sockets: Introduction

Ch. 57. Sockets: UNIX Domain

Ch. 58. Sockets: Fundamentals of TCP/IP Networks

Ch. 59. Sockets: Internet Domains

Ch. 60. Sockets: Server Design

Ch. 61. Sockets: Advanced Topics

Ch. 62. Terminals

Ch. 63. Alternative I/O Models

Ch. 64. Pseudoterminals

Appx. A. Tracing System Calls

Appx. B. Parsing Command-Line Options

Appx. C. Casting the NULL Pointer

Appx. D. Kernel Configuration

Appx. E. Further Sources of Information

Appx. F. Solutions to Selected Exercises

Appx. G. Updates

URL

Help

38.4. Avoid Exposing Sensitive Information

When a program reads passwords or other sensitive information, it should perform whatever processing is required, and then immediately erase the information from memory. (We show an example of this in Section 8.5.) Leaving such information in memory is a security risk, for the following reasons:

The virtual memory page containing the data may be swapped out (unless it is locked in memory using mlock() or similar), and could then be read from the swap area by a privileged program.
If the process receives a signal that causes it to produce a core dump file, then that file may be read to obtain the information.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial