From: tito
Date:  
To: dng
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
On Mon, 26 Jul 2021 22:53:02 -0400
Steve Litt <slitt@???> wrote:

> Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400
>
> >On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote:
> >> Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
> >>
> >>
> >> >My feeling is, that you can not simply teach someone how to write
> >> >safe software.
> >>
> >> Why not? You can teach a person to do anything else. But maybe not in
> >> college, because college is built to make money, not to teach.
> >> Consider the average textbook and compare to the average "For
> >> Dummies" book. The former makes the subject matter look incredibly
> >> complex, justifying the professor. The latter makes it easy to learn.
> >>
> >> What is needed is a curated document explaining the five or ten or
> >> twenty things you need to do to be secure, and then how to achieve
> >> them in a practical world. Let's start with input field cleansing and
> >> protection from errant pointers and buffer overflow. There are many
> >> more:
> >
> >Knowing you, you probably already have a draft of such a document
> >lying around.
>
> Not that I know of. That's why I'm starting at the level of a simple
> list.
>
> SteveT
>
> Steve Litt
> Spring 2021 featured book: Troubleshooting Techniques of the Successful
> Technologist http://www.troubleshooters.com/techniques


Hi,

Ten Commandments

1) use the least amount of code possible
2) try harder and go to point 1
3) if the code doesn't fit into one screen go to point 2
4) always initialize your vars at declaration time
5) always set your vars to NULL after freeing them
6) always check error codes of the functions you call and do something appropriate
7) add comments about what and why you did (that ugly hack)
8) use meaningful (to others) names for your functions and vars
9) your code must be readable to others like a children's book
10) if you don't know how to solve it, look what others did, then do it your way (or forget Ctrl-C)

these are the few rules I used when I did a little programming in the past.
So tell me yours...

Ciao,
Tito
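Rules 4, 5 and 6 of the list above (initialise at declaration, NULL after free, check every return code) together with the buffer-overflow point raised earlier in the thread are shown below in a small C program. This is an added example written for this archive page, not code from Tito or from anyone else in the thread; the function names (`line_buf_init`, `line_buf_release`, `line_buf_set`, `parse_port`, `handle_endpoint`), the error-code enum and the sample "host:port" input are all constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Every function below returns one of these instead of silently ignoring a failure (rule 6). */
enum { OK = 0, ERR_ARG = 1, ERR_RANGE = 2, ERR_NOMEM = 3, ERR_FORMAT = 4 };

/* A bounded buffer: data is NULL until allocated and NULL again after release. */
struct line_buf {
    char  *data;
    size_t cap;
};

/* Rule 5: free and null the pointer in one place so a stale pointer cannot survive.
 * free(NULL) is a no-op, so releasing twice is harmless rather than a double free. */
static void line_buf_release(struct line_buf *b)
{
    if (b == NULL) return;
    free(b->data);
    b->data = NULL;
    b->cap = 0;
}

/* Rule 6: calloc can fail; report it instead of continuing with a NULL buffer.
 * calloc also zero-fills, so the buffer is never read uninitialised (rule 4). */
static int line_buf_init(struct line_buf *b, size_t cap)
{
    if (b == NULL || cap == 0) return ERR_ARG;
    b->cap = 0;
    b->data = calloc(cap, 1);
    if (b->data == NULL) return ERR_NOMEM;
    b->cap = cap;
    return OK;
}

/* Bounded copy: the destination size is checked (NUL included), never assumed. */
static int line_buf_set(struct line_buf *b, const char *src)
{
    size_t n = 0;                                   /* rule 4 */
    if (b == NULL || b->data == NULL || src == NULL) return ERR_ARG;
    n = strlen(src);
    if (n + 1 > b->cap) return ERR_RANGE;           /* would overflow, refuse */
    memcpy(b->data, src, n + 1);
    return OK;
}

/* strtol signals problems through errno and the end pointer; check all of them (rule 6). */
static int parse_port(const char *text, int *out)
{
    char *end = NULL;                               /* rule 4 */
    long  value = 0;                                /* rule 4 */

    if (text == NULL || out == NULL) return ERR_ARG;
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno == ERANGE) return ERR_RANGE;
    if (end == text || *end != '\0') return ERR_FORMAT;  /* empty or trailing junk */
    if (value < 1 || value > 65535) return ERR_RANGE;
    *out = (int)value;
    return OK;
}

/* Split "host:port": every step is checked and the buffer is released exactly once. */
static int handle_endpoint(const char *endpoint, int *port_out)
{
    struct line_buf host = { NULL, 0 };             /* rule 4: fully initialised */
    const char *colon = NULL;
    size_t host_len = 0;
    int rc = ERR_ARG;

    if (endpoint == NULL || port_out == NULL) return ERR_ARG;
    colon = strchr(endpoint, ':');
    if (colon == NULL || colon == endpoint) return ERR_FORMAT;
    host_len = (size_t)(colon - endpoint);

    rc = line_buf_init(&host, host_len + 1);
    if (rc != OK) return rc;
    memcpy(host.data, endpoint, host_len);          /* calloc already placed the NUL */
    rc = parse_port(colon + 1, port_out);
    line_buf_release(&host);                        /* rule 5: host.data is now NULL */
    return rc;
}

int main(void)
{
    int port = 0;                                   /* rule 4 */
    const char *sample = "example.test:443";        /* constructed sample input */
    int rc = handle_endpoint(sample, &port);
    if (rc != OK) {
        fprintf(stderr, "rejected %s (error %d)\n", sample, rc);
        return 1;
    }
    printf("port %d\n", port);
    return 0;
}
```

The point of `line_buf_release` taking the struct rather than the raw pointer is that the caller cannot forget rule 5: the only way to free the buffer also nulls it, and a later accidental use fails on a NULL check instead of touching freed memory.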