Security References: Difference between revisions

From miki
(New page: == Development == * [http://www.sans.org/top25errors/ CWE/SANS TOP 25 Most Dangerous Programming Errors])
 
Line 1: Line 1:
== Development ==
== Development ==
* [http://www.sans.org/top25errors/ CWE/SANS TOP 25 Most Dangerous Programming Errors]
* [http://www.sans.org/top25errors/ CWE/SANS TOP 25 Most Dangerous Programming Errors]
* [http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf Reflections on Trusting Trust] How does writing the C compiler in C bear on security issues? Well, it does (Ken Thompson, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763)
** The idea is to hide a trojan code in the C compiler so that to inject a trojan code in eg. the <tt>login</tt> command code, and another trojan code so that to automatically re-inject itself when the C code is compiled with the infected compiler.
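Review bot: the added sub-bullet under the Thompson reference is hard to parse. "so that to inject" and "so that to automatically re-inject" are ungrammatical, and "when the C code is compiled" leaves unclear which code triggers the re-injection. Suggest stating the two pieces separately: one trojan that the compiler inserts into <tt>login</tt>, and one that re-inserts itself when the compiler itself is compiled with the infected compiler. In the added reference line, the journal title should read "Communications of the ACM".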

Revision as of 12:02, 8 April 2009

Development

  • CWE/SANS TOP 25 Most Dangerous Programming Errors
  • Reflections on Trusting Trust: How does writing the C compiler in C bear on security issues? Well, it does (Ken Thompson, Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763).
    • The idea is to hide trojan code in the C compiler that injects a trojan into, e.g., the login command when it is compiled, plus a second piece of trojan code that automatically re-injects itself when the C compiler itself is compiled with the infected compiler.