
Re: Locales and Programs parsing other's output



On Thursday, April 16, Manoj Srivastava wrote
> 
> 	I shall have to think about how far do we go, and how to limit
>  the scope of this document. I do not think we can cover secure
>  programming, portable programming, introduction to common software
>  tools, historic bugs, I/O programming, and resource management in
>  something less bulky than the average dictionary.

In regards to covering "secure programming"... You may not want to cover
things like writing secure setuid root programs, but it'd be really nice if
the manual could cover stuff like creating temp files in a secure way. The
former (secure setuid root programming) is quite complex (to say the
least!) and would require a couple of chapters all by itself, but for the
latter there's more or less one "right" answer. So you just need to say:

  [insert code snippet for the 'naive' way of opening temp files]

  Don't do it like that, because of this and this problem.

  [insert code snippet for the 'right' way of opening temp files]

  Do it as shown above, because it fixes all the problems previously
  mentioned.

I also remember seeing a few urls about 'secure programming'. I'll try to
dig them up and send them your way.

  Christian
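
The naive and safer temp-file patterns the message asks for, as an added C example that is not part of the original post. The use of mkstemp() for the safer variant, the function names, the `myprog` file name and the scratch-directory demo are all assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, mkdtemp, symlink */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive: predictable name, no O_EXCL. An existing file, or a symlink someone
 * else planted at that name, is opened and truncated. */
int open_temp_naive(const char *dir) {
    char path[512];
    snprintf(path, sizeof path, "%s/myprog.tmp", dir);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Safer: mkstemp() replaces XXXXXX with a random suffix and creates the file
 * with O_CREAT|O_EXCL, mode 0600; it never reuses an existing path. */
int open_temp_safe(const char *dir, char *path, size_t len) {
    int n = snprintf(path, len, "%s/myprog.XXXXXX", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(path);
}

/* Constructed demo: in a private scratch directory, a symlink at the
 * predictable name points to a 10-byte "victim" file. Returns the victim's
 * size after the chosen opener ran, or -1 on setup failure. */
long victim_size_after(int use_safe) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[512], lnk[512], tmp[512] = "";
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/myprog.tmp", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v >= 0 && write(v, "important\n", 10) == 10 && symlink(victim, lnk) == 0) {
        int fd = use_safe ? open_temp_safe(dir, tmp, sizeof tmp) : open_temp_naive(dir);
        if (fd >= 0) { close(fd); if (stat(victim, &st) == 0) size = (long)st.st_size; }
    }
    if (v >= 0) close(v);
    unlink(tmp); unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("naive: victim is %ld bytes\n", victim_size_after(0));
    printf("safe:  victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```

With the naive opener the victim file ends up empty because the open followed the symlink; with mkstemp() it keeps its 10 bytes.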
