Monday, July 28, 2003

Kernel Programming: Security Considerations:

Interesting points to note

1. A common mistake is assuming that listing every possible value of an enum type provides protection. An enum is generally implemented as either a char or an int internally.

2. Another common mistake is to assume that you can dereference a pointer passed to your function by another function. You should always check for null pointers before dereferencing them - Don't we all know this?

3. Security is particularly important for kernel code that draws input from a network. Assumptions about packet size are frequently the cause of security problems. Always watch for packets that are too big and handle them in a reasonable way. Likewise, always verify checksums on packets.

Hmm - and I'm doing this while on vacation - I'm convinced that I'm a geek... ;)

No comments:

Post a Comment