more broken link fixes
parent
b14c0857dc
commit
3cc4533ad1
6 changed files with 10 additions and 10 deletions
|
@ -50,7 +50,7 @@ but strongly discouraged
|
||||||
These primitives are difficult to use in a secure way. Custom
|
These primitives are difficult to use in a secure way. Custom
|
||||||
implementation of security protocols should be avoided. For
|
implementation of security protocols should be avoided. For
|
||||||
protecting confidentiality and integrity of network
|
protecting confidentiality and integrity of network
|
||||||
transmissions, TLS should be used (<<chap-Defensive_Coding-TLS>>).
|
transmissions, TLS should be used (xref:../features/Features-TLS.adoc#chap-Defensive_Coding-TLS[Transport Layer Security]).
|
||||||
|
|
||||||
In particular, when using AES in CBC mode, it is necessary to
|
In particular, when using AES in CBC mode, it is necessary to
|
||||||
add integrity checking by other means, preferably using
|
add integrity checking by other means, preferably using
|
||||||
|
|
|
@ -9,7 +9,7 @@ In this chapter, we discuss general file system manipulation, with
|
||||||
a focus on access files and directories to which an other,
|
a focus on access files and directories to which an other,
|
||||||
potentially untrusted user has write access.
|
potentially untrusted user has write access.
|
||||||
|
|
||||||
Temporary files are covered in their own chapter, <<chap-Defensive_Coding-Tasks-Temporary_Files>>.
|
Temporary files are covered in their own chapter, xref:../tasks/Tasks-Temporary_Files.adoc#chap-Defensive_Coding-Tasks-Temporary_Files[Temporary Files].
|
||||||
|
|
||||||
[[sect-Defensive_Coding-Tasks-File_System-Unowned]]
|
[[sect-Defensive_Coding-Tasks-File_System-Unowned]]
|
||||||
== Working with Files and Directories Owned by Other Users
|
== Working with Files and Directories Owned by Other Users
|
||||||
|
|
|
@ -126,7 +126,7 @@ Several attributes are global and affect all code in the
|
||||||
process, not just the library that manipulates them.
|
process, not just the library that manipulates them.
|
||||||
|
|
||||||
* environment variables
|
* environment variables
|
||||||
(see <<sect-Defensive_Coding-Tasks-secure_getenv>>)
|
(see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-secure_getenv[Accessing Environment Variables])
|
||||||
|
|
||||||
* umask
|
* umask
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ include::{partialsdir}/entities.adoc[]
|
||||||
|
|
||||||
This section describes how to create new child processes in a
|
This section describes how to create new child processes in a
|
||||||
safe manner. In addition to the concerns addressed below, there
|
safe manner. In addition to the concerns addressed below, there
|
||||||
is the possibility of file descriptor leaks, see <<sect-Defensive_Coding-Tasks-Descriptors-Child_Processes>>.
|
is the possibility of file descriptor leaks, see xref:../tasks/Tasks-Descriptors.adoc#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes[Preventing File Descriptor Leaks to Child Processes].
|
||||||
|
|
||||||
=== Obtaining the Program Path and the Command-line Template
|
=== Obtaining the Program Path and the Command-line Template
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ robustly in languages which are not memory-safe.
|
||||||
[[sect-Defensive_Coding-Tasks-Serialization-Decoders]]
|
[[sect-Defensive_Coding-Tasks-Serialization-Decoders]]
|
||||||
== Recommendations for Manually-written Decoders
|
== Recommendations for Manually-written Decoders
|
||||||
|
|
||||||
For C and C++, the advice in <<sect-Defensive_Coding-C-Pointers>> applies. In
|
For C and C++, the advice in xref:../programming-languages/C-Language.adoc#sect-Defensive_Coding-C-Pointers[Recommendations for Pointers and Array Handling] applies. In
|
||||||
addition, avoid non-character pointers directly into input
|
addition, avoid non-character pointers directly into input
|
||||||
buffers. Pointer misalignment causes crashes on some
|
buffers. Pointer misalignment causes crashes on some
|
||||||
architectures.
|
architectures.
|
||||||
|
@ -107,7 +107,7 @@ reject fragments which are inconsistent.
|
||||||
fragments against the unfragmented PDU length (if they are
|
fragments against the unfragmented PDU length (if they are
|
||||||
present). Check that the last byte in the fragment does not
|
present). Check that the last byte in the fragment does not
|
||||||
lie after the end of the unfragmented PDU. Avoid integer
|
lie after the end of the unfragmented PDU. Avoid integer
|
||||||
overflows in these computations (see <<sect-Defensive_Coding-C-Arithmetic>>).
|
overflows in these computations (see xref:../programming-languages/C-Language.adoc#sect-Defensive_Coding-C-Arithmetic[Recommendations for Integer Arithmetic]).
|
||||||
|
|
||||||
[[sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID]]
|
[[sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID]]
|
||||||
=== Fragment IDs
|
=== Fragment IDs
|
||||||
|
|
|
@ -8,13 +8,13 @@ In this chapter, we describe how to create temporary files and
|
||||||
directories, how to remove them, and how to work with programs
|
directories, how to remove them, and how to work with programs
|
||||||
which do not create files in ways that are safe with a shared
|
which do not create files in ways that are safe with a shared
|
||||||
directory for temporary files. General file system manipulation
|
directory for temporary files. General file system manipulation
|
||||||
is treated in a separate chapter, <<chap-Defensive_Coding-Tasks-File_System>>.
|
is treated in a separate chapter, xref:../tasks/Tasks-File_System.adoc#chap-Defensive_Coding-Tasks-File_System[File System Manipulation].
|
||||||
|
|
||||||
Secure creation of temporary files has four different aspects.
|
Secure creation of temporary files has four different aspects.
|
||||||
|
|
||||||
* The location of the directory for temporary files must be
|
* The location of the directory for temporary files must be
|
||||||
obtained in a secure manner (that is, untrusted environment
|
obtained in a secure manner (that is, untrusted environment
|
||||||
variables must be ignored, see <<sect-Defensive_Coding-Tasks-secure_getenv>>).
|
variables must be ignored, see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-secure_getenv[Accessing Environment Variables).
|
||||||
|
|
||||||
* A new file must be created. Reusing an existing file must be
|
* A new file must be created. Reusing an existing file must be
|
||||||
avoided (the `/tmp` race
|
avoided (the `/tmp` race
|
||||||
|
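Review bot: The new xref in the first bullet ("untrusted environment variables must be ignored, see ...") never closes its link text: the line ends `[Accessing Environment Variables).` with no `]`, so the xref macro is left unterminated. It should end `[Accessing Environment Variables]).`, as the same xref to `sect-Defensive_Coding-Tasks-secure_getenv` does in the earlier hunk under "environment variables".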
@ -71,7 +71,7 @@ temporary file. You should specify the
|
||||||
to subprocesses. (Applications which do not use multiple threads
|
to subprocesses. (Applications which do not use multiple threads
|
||||||
can also use `mkstemp`, but libraries should
|
can also use `mkstemp`, but libraries should
|
||||||
use `mkostemp`.) For determining the
|
use `mkostemp`.) For determining the
|
||||||
directory part of the file name pattern, see <<chap-Defensive_Coding-Tasks-Temporary_Files-Location>>.
|
directory part of the file name pattern, see <<chap-Defensive_Coding-Tasks-Temporary_Files-Location>>
|
||||||
|
|
||||||
The file is not removed automatically. It is not safe to rename
|
The file is not removed automatically. It is not safe to rename
|
||||||
or delete the file before processing, or transform the name in
|
or delete the file before processing, or transform the name in
|
||||||
|
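Review bot: The only difference on the changed line ("directory part of the file name pattern, see ...") is that the sentence-ending period after `<<chap-Defensive_Coding-Tasks-Temporary_Files-Location>>` has been dropped, which leaves the sentence unterminated and the reference itself in the old `<<...>>` form. If that anchor lives in this same file, the reference can stay as it is and the period should be restored. If it was meant to be converted like the other links in this commit, it needs an xref with link text, followed by the period.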
@ -151,7 +151,7 @@ the [option]`-rf` and [option]`--` options.
|
||||||
|
|
||||||
There are two ways to make a function or program which excepts a
|
There are two ways to make a function or program which excepts a
|
||||||
file name safe for use with temporary files. See
|
file name safe for use with temporary files. See
|
||||||
<<sect-Defensive_Coding-Tasks-Processes-Creation>>,
|
xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-Creation[Creating Safe Processes]
|
||||||
for details on subprocess creation.
|
for details on subprocess creation.
|
||||||
|
|
||||||
* Create a temporary directory and place the file there. If
|
* Create a temporary directory and place the file there. If
|
||||||
|
|
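Review bot: The context line two lines above the changed xref reads "a function or program which excepts a file name"; "excepts" should be "accepts", and since this paragraph is already being edited it is worth fixing in the same commit. The replacement also drops the comma that followed the old reference, which reads fine as "See ... for details on subprocess creation", so no change is needed there.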