This chapter gives guidelines on programming in a secure environment, and a list of new system and library calls available under the Commercial Security Pak.
There are a number of guidelines that you, as a programmer in a secure environment, should follow:
To simplify your work, do not duplicate the identification and authentication already performed by the system's Identification & Authentication programs or by CSP-Kerberos.
Ensure that every variable stays within its bounds (array indexes, buffer lengths, and loop counters in particular).
Reduce the use of global variables wherever possible.
Limit each module to one distinct task.
Do not write a procedure that bypasses the program's normal flow of control.
If overrides must be added, document them thoroughly in the code.
By design and on principle, minimize the privilege that your programs require or are permitted to use.
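On a Commercial Security Pak system the concrete form of this guideline is to hold a privilege in the permitted capability set and raise it into the effective set only around the one operation that needs it, which is what the cap_acquire(3C) and cap_set_proc(3C) calls listed in Table 5-1 support. The C program below is an added example written for this chapter, not code from the Commercial Security Pak or its reference pages, and it deliberately does not call the cap_* library: it models the two pieces a programmer has to get right, the POSIX capabilities text format that cap_from_text() and cap_to_text() convert, and the acquire/surrender bracket. Assumed rather than taken from this chapter: the clause syntax (capability names separated by commas, then one or more of `+`, `-`, `=` each followed by flag letters e, i, p; clauses separated by whitespace; `all` naming every capability) follows the POSIX.1e draft as implemented by libcap; the five-entry name table, the bitmask representation, and the function names caps_from_text, caps_to_text, caps_acquire and caps_surrender are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed name table for this example; the real list is the system's. */
static const char *const cap_names[] = {
    "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_DAC_WRITE", "CAP_SETUID", "CAP_DEVICE_MGT"
};
#define NCAPS    (sizeof cap_names / sizeof cap_names[0])
#define ALL_CAPS ((1u << NCAPS) - 1u)
enum { AUDIT_WRITE = 1u, AUDIT_CONTROL = 2u, DAC_WRITE = 4u, SETUID = 8u, DEVICE_MGT = 16u };

/* Three flag sets, bit i of each standing for cap_names[i]. */
typedef struct { unsigned effective, inheritable, permitted; } capset_t;

static unsigned lookup(const char *s, size_t n)
{
    size_t i;
    if (n == 3 && strncmp(s, "all", 3) == 0) return ALL_CAPS;
    for (i = 0; i < NCAPS; i++)
        if (strlen(cap_names[i]) == n && strncmp(s, cap_names[i], n) == 0) return 1u << i;
    return 0;
}

/* '+' raises the named caps in the listed flag sets, '-' lowers them,
 * '=' lowers them in every set and then raises the listed ones. */
static void apply(capset_t *cs, unsigned caps, char op, unsigned e, unsigned i, unsigned p)
{
    if (op == '=') { cs->effective &= ~caps; cs->inheritable &= ~caps; cs->permitted &= ~caps; op = '+'; }
    if (op == '+') { if (e) cs->effective |= caps;  if (i) cs->inheritable |= caps;  if (p) cs->permitted |= caps; }
    else           { if (e) cs->effective &= ~caps; if (i) cs->inheritable &= ~caps; if (p) cs->permitted &= ~caps; }
}

/* Parse the clause syntax ("CAP_A,CAP_B+eip CAP_C=p all=") into cs.
 * Returns 0 on success, -1 on an unknown name, unknown flag letter or malformed clause. */
int caps_from_text(const char *text, capset_t *cs)
{
    const char *s = text;
    memset(cs, 0, sizeof *cs);
    while (*s) {
        unsigned caps = 0, bit;
        while (*s == ' ' || *s == '\t' || *s == '\n') s++;
        if (!*s) break;
        while (*s && !strchr("+-=", *s)) {            /* comma-separated name list */
            const char *start = s;
            while (*s && !strchr(",+-=", *s)) s++;
            if (s == start || (bit = lookup(start, (size_t)(s - start))) == 0) return -1;
            caps |= bit;
            if (*s == ',') s++;
        }
        if (*s == '\0' || caps == 0) return -1;       /* a clause needs names and an operator */
        while (*s && strchr("+-=", *s)) {              /* operator groups, each with flags from {e,i,p} */
            char op = *s++;
            unsigned e = 0, i = 0, p = 0;
            while (*s == 'e' || *s == 'i' || *s == 'p') { if (*s == 'e') e = 1; else if (*s == 'i') i = 1; else p = 1; s++; }
            if (*s && !strchr("+-= \t\n", *s)) return -1;
            apply(cs, caps, op, e, i, p);
        }
    }
    return 0;
}

/* Render the sets back to text, one clause per capability that has any flag raised. */
void caps_to_text(const capset_t *cs, char *out, size_t n)
{
    size_t i, len = 0;
    out[0] = '\0';
    for (i = 0; i < NCAPS && len < n; i++) {
        unsigned b = 1u << i;
        char flags[4], *f = flags;
        if (cs->effective & b) *f++ = 'e';
        if (cs->inheritable & b) *f++ = 'i';
        if (cs->permitted & b) *f++ = 'p';
        *f = '\0';
        if (f != flags)
            len += (size_t)snprintf(out + len, n - len, "%s%s+%s", len ? " " : "", cap_names[i], flags);
    }
}

/* The least-privilege bracket: privilege lives in the permitted set, is raised
 * into the effective set only for the call that needs it, and is lowered straight
 * after. Raising something that is not permitted must fail, not silently succeed. */
int caps_acquire(capset_t *cs, unsigned want)
{
    if ((want & cs->permitted) != want) return -1;
    cs->effective |= want;
    return 0;
}

void caps_surrender(capset_t *cs, unsigned want) { cs->effective &= ~want; }

int main(void)
{
    capset_t cs; char buf[256];
    /* Constructed starting state: audit privilege permitted but not effective, setuid never permitted. */
    if (caps_from_text("CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL+p CAP_SETUID=", &cs) != 0) return 1;
    caps_to_text(&cs, buf, sizeof buf); printf("start:    %s\n", buf);
    if (caps_acquire(&cs, AUDIT_WRITE) == 0) {
        caps_to_text(&cs, buf, sizeof buf); printf("acquired: %s\n", buf);   /* the audit write goes here */
        caps_surrender(&cs, AUDIT_WRITE);
    }
    caps_to_text(&cs, buf, sizeof buf); printf("after:    %s\n", buf);
    return caps_acquire(&cs, SETUID) == -1 ? 0 : 1;   /* refused: never in the permitted set */
}
```

Two things in the example are worth carrying over to real cap_* code: the acquire step refuses a request outside the permitted set instead of granting it, and the effective set is empty again before the program returns. When the intent is to give a privilege up for good, use the `=` form of the string, since `CAP_X-e` leaves the capability permitted and re-acquirable.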
The following system and library calls are distributed with the Commercial Security Pak. CSP-Kerberos calls are not listed here, but are available using anonymous ftp from athena.mit.edu. Reference pages exist for each of these calls in reference page sections 2 and 3.
Table 5-1 below lists each call and its corresponding action.
Table 5-1. Commercial Security Pak System and Library Calls
| System/Library Call | Action |
|---|---|
| satctl(2) | control the collection of audit data |
| satread(2) | read a block of audit record data |
| satwrite(2) | write a block of audit record data |
| acl_copy_ext(3C), acl_copy_int | copy an ACL from system to user space or from user to system space |
| acl_delete_def_file(3C) | delete the default ACL of a named directory |
| acl_dup(3C) | make a copy of an ACL |
| acl_free(3C) | free memory allocated by the ACL interface calls |
| acl_from_text(3C), acl_to_text | convert a POSIX ACL string to a struct acl, or a struct acl to a POSIX ACL string |
| acl_get_fd(3C), acl_set_fd | get or set the ACL associated with an open file |
| acl_get_file(3C), acl_set_file | get or set the ACL for a pathname |
| acl_size(3C) | return the size of an ACL |
| acl_valid(3C) | validate an ACL |
| cap_acquire(3C) | make permitted-set capabilities effective, or remove effective capabilities |
| cap_clear(3C) | clear the fields of a capability |
| cap_copy_ext(3C), cap_copy_int | copy a capability from system to user space or from user to system space |
| cap_dup(3C) | make a copy of a capability |
| cap_free(3C) | free an allocated capability |
| cap_from_text(3C), cap_to_text, cap_value_to_text | convert a POSIX capabilities string to internal form, convert capabilities to a POSIX capabilities string, or return the POSIX name for a capability value |
| cap_get_fd(3C), cap_set_fd | get or set the capabilities of an open file |
| cap_get_file(3C), cap_set_file | get or set the capabilities for a pathname |
| cap_get_flag(3C), cap_set_flag | get or set the value of a capability flag in a capability |
| cap_get_proc(3C), cap_set_proc | get or set process capabilities |
| cap_init(3C) | allocate a capability structure |
| cap_size(3C) | return the size of a capability |
| getspwnam(3) | get a user's name from the administrative database |
| getuserinfonam(3), getuserinfouid(3) | get information about a user |
| ia_audit(3) | create and write an audit record, using satwrite() |
| libperfex(3C), start_counters, read_counters, print_counters | a procedural interface to the R10000 counters |
| sat_eventtostr(3), sat_strtoevent(3) | convert an audit event index to or from an audit event string |
| sat_intrp_pathname(3C) | portable interface to interpret sat_pathname structs |
| sat_read_file_info(3C), sat_write_file_info, sat_free_file_info | portable interfaces to read and write audit file headers |
| sat_read_header_info(3C), sat_free_header_info | portable interfaces to read audit record headers |
| sgi_acl_strtoacl(3C), sgi_acl_acltostr | convert an ACL string to a struct acl, or a struct acl to an ACL string |
| sgi_cap_cleared(3C) | determine whether a user's allowed capabilities are sufficient |
| sgi_cap_set_from_text(3C) | set all capabilities from a capabilities string |
| sgi_cap_strtocap(3C), sgi_cap_captostr | convert a capabilities string to a cap_value_t, or a cap_value_t to a capabilities string |
| sgi_getcapabilitybyname(3C) | get the default and allowed capability sets for a named user |
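The acl_from_text(3C), acl_to_text and acl_valid(3C) rows above name the POSIX ACL text form and its validity rules, but the table says nothing about how an ACL is evaluated, which is where access-control mistakes usually hide: a named-user entry is capped by the mask entry, and a caller who matches a group entry that does not grant the request is denied rather than re-tried against the other entry. The C program below is an added example for this chapter, not code from the Commercial Security Pak: a parser for the short text form, the acl_valid() rules, and the POSIX.1e access-check order. Assumed rather than taken from this chapter: the short text form (`u::rw-,g::r--,o::---,m::r--,u:1001:rwx`), the validity rules and the evaluation order are those of the POSIX.1e draft as also implemented by Linux; qualifiers are numeric only; the types, limits and the function names acl_parse, acl_validate and acl_check are constructed here and are not the CSP interfaces.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum acl_tag { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_MASK, T_OTHER };
enum { P_R = 4, P_W = 2, P_X = 1 };
#define MAX_ENTRIES 32

typedef struct { enum acl_tag tag; unsigned id; unsigned perm; } acl_entry;
typedef struct { acl_entry e[MAX_ENTRIES]; int n; } acl;

/* "rwx" with '-' in any position; anything else is an error. */
static int parse_perm(const char *s, unsigned *perm)
{
    const char letters[3] = { 'r', 'w', 'x' };
    int i;
    *perm = 0;
    for (i = 0; i < 3; i++) {
        if (s[i] == letters[i]) *perm |= 4u >> i;
        else if (s[i] != '-') return -1;
    }
    return s[3] == '\0' ? 0 : -1;
}

/* Parse "tag:qualifier:perms" entries separated by ',' or newlines.
 * Short tags (u,g,o,m) and long tags (user,group,other,mask) are accepted. */
int acl_parse(const char *text, acl *a)
{
    char buf[512], *tok;
    a->n = 0;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    for (tok = strtok(buf, ",\n"); tok; tok = strtok(NULL, ",\n")) {
        char *q = strchr(tok, ':'), *p, *end = NULL;
        acl_entry ent;
        if (!q) return -1;
        *q++ = '\0';
        p = strchr(q, ':');
        if (!p) return -1;
        *p++ = '\0';
        while (*tok == ' ') tok++;
        if      (!strcmp(tok, "u") || !strcmp(tok, "user"))  ent.tag = *q ? T_USER  : T_USER_OBJ;
        else if (!strcmp(tok, "g") || !strcmp(tok, "group")) ent.tag = *q ? T_GROUP : T_GROUP_OBJ;
        else if (!strcmp(tok, "o") || !strcmp(tok, "other")) ent.tag = T_OTHER;
        else if (!strcmp(tok, "m") || !strcmp(tok, "mask"))  ent.tag = T_MASK;
        else return -1;
        if ((ent.tag == T_OTHER || ent.tag == T_MASK) && *q) return -1;  /* no qualifier allowed */
        ent.id = *q ? (unsigned)strtoul(q, &end, 10) : 0;
        if (*q && *end) return -1;                                      /* numeric qualifiers only here */
        if (parse_perm(p, &ent.perm) != 0 || a->n == MAX_ENTRIES) return -1;
        a->e[a->n++] = ent;
    }
    return 0;
}

/* The acl_valid() rules: exactly one u::, g:: and o::; at most one mask, and a
 * mask is mandatory once any named user or group entry exists; no duplicates. */
int acl_validate(const acl *a)
{
    int i, j, cnt[6] = { 0 };
    for (i = 0; i < a->n; i++) {
        cnt[a->e[i].tag]++;
        for (j = 0; j < i; j++)
            if (a->e[j].tag == a->e[i].tag && a->e[j].id == a->e[i].id) return -1;
    }
    if (cnt[T_USER_OBJ] != 1 || cnt[T_GROUP_OBJ] != 1 || cnt[T_OTHER] != 1) return -1;
    if (cnt[T_MASK] > 1 || ((cnt[T_USER] || cnt[T_GROUP]) && cnt[T_MASK] != 1)) return -1;
    return 0;
}

static int find(const acl *a, enum acl_tag t, unsigned id, unsigned *perm)
{
    int i;
    for (i = 0; i < a->n; i++)
        if (a->e[i].tag == t && a->e[i].id == id) { *perm = a->e[i].perm; return 1; }
    return 0;
}

/* POSIX.1e access check in the order the draft specifies. Call acl_validate()
 * first. Returns 1 if every bit of `want` is granted, 0 otherwise; `gids` holds
 * the caller's primary and supplementary groups. */
int acl_check(const acl *a, unsigned owner_uid, unsigned owner_gid,
              unsigned uid, const unsigned *gids, int ngids, unsigned want)
{
    unsigned mask = 7, perm = 0;
    int g;
    if (find(a, T_MASK, 0, &perm)) mask = perm;
    perm = 0;
    if (uid == owner_uid) {                       /* 1. owner: u::, never masked */
        find(a, T_USER_OBJ, 0, &perm);
        return (perm & want) == want;
    }
    if (find(a, T_USER, uid, &perm))              /* 2. named user: masked, no fallthrough */
        return ((perm & mask) & want) == want;
    for (g = 0; g < ngids; g++) {                 /* 3. owning group and named groups: masked; any match that grants wins */
        if (gids[g] == owner_gid && find(a, T_GROUP_OBJ, 0, &perm) && ((perm & mask) & want) == want) return 1;
        if (find(a, T_GROUP, gids[g], &perm) && ((perm & mask) & want) == want) return 1;
    }
    for (g = 0; g < ngids; g++)                   /* matched a group entry but none granted: deny, never fall to o:: */
        if (gids[g] == owner_gid || find(a, T_GROUP, gids[g], &perm)) return 0;
    perm = 0;
    find(a, T_OTHER, 0, &perm);                   /* 4. everyone else */
    return (perm & want) == want;
}

int main(void)
{
    /* Constructed ACL: others may read, gid 200 has a write-only entry and the
     * mask is rw-, so a gid-200 caller is denied read even though o:: grants it. */
    static const char text[] = "u::rw-,g::r--,o::r--,m::rw-,u:1001:rwx,g:200:-w-";
    unsigned g200[] = { 200 }, g300[] = { 300 };
    acl a;
    if (acl_parse(text, &a) != 0 || acl_validate(&a) != 0) return 1;
    printf("uid 1001 exec:      %d (rwx entry, mask rw-)\n", acl_check(&a, 500, 100, 1001, g300, 1, P_X));
    printf("gid 200  read:      %d (group entry matched, no fallthrough)\n", acl_check(&a, 500, 100, 700, g200, 1, P_R));
    printf("gid 300  read:      %d (other)\n", acl_check(&a, 500, 100, 700, g300, 1, P_R));
    return 0;
}
```

The two denials printed by main() are the cases to remember when reviewing an ACL with sgi_acl_acltostr(3C) or acl_to_text: the entry a user appears in is not the permission they get once the mask is applied, and a group entry that matches but does not grant is final.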