New translation.

Submitted by: Nishika <nishika@cheerful.com>
Hiroyuki Hanai 1998-07-26 10:51:34 +00:00
parent dbd4580ad3
commit 2bd76bdd3e
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=3181
6 changed files with 434 additions and 2 deletions


@ -1,4 +1,4 @@
# $Id: Makefile,v 1.13 1998-07-07 03:14:10 hanai Exp $
# $Id: Makefile,v 1.14 1998-07-26 10:51:28 hanai Exp $
# The FreeBSD Japanese Documentation Project
# Original revision: 1.24
@ -35,6 +35,7 @@ atoz.sgml: web.atoz
#SUBDIR= cgi commercial gifs ports releases tutorials
SUBDIR= docproj ports releases
SUBDIR=+ security
# Subdirectories that have linuxdoc docs and makefiles that use
# <bsd.sgml.mk>.
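Review bot: The added subdirectory line renders as `SUBDIR=+ security`; if that is the literal committed text rather than a display artifact of the diff marker on `SUBDIR+= security`, it is a plain `=` assignment that replaces the preceding `SUBDIR= docproj ports releases` with the value `+ security`, so the three existing subdirectories would silently drop out of the build and make would try to descend into a directory named `+`. Please confirm the committed line is `SUBDIR+=	security` (append, not assign). The same hunk appears a second time further down this page in the repeated copy of this file section, and the hunk header counts suggest at least one context line of this hunk is not shown here.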


@ -0,0 +1,12 @@
# $Id: Makefile,v 1.1 1998-07-26 10:51:31 hanai Exp $
.if exists(Makefile.conf)
.include "Makefile.conf"
.endif
DOCS=
DOCS+= programmers.sgml
#DOCS+= security.sgml
#DOCS+= secure.sgml
.include "../web.mk"


@ -0,0 +1,203 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$Date: 1998-07-26 10:51:34 $">
<!ENTITY title "Security Do's and Don'ts for Programmers">
<!ENTITY % includes SYSTEM "../includes.sgml"> %includes;
]>
<!-- $Id: programmers.sgml,v 1.1 1998-07-26 10:51:34 hanai Exp $ -->
<html>
&header;
<P></P><UL>
<LI><A NAME="#rule1"></A>$B$I$s$JF~NO%=!<%9$b?.MQ$7$J$$$3$H(B. $B$D$^$j(B, $B%3%^%s%I(B
$B%i%$%s0z?t(B, $B4D6-JQ?t(B, $B@_Dj%U%!%$%k(B, $BE~Ce$7$?(B UDP $B%Q%1%C%H(B, $B%[%9%HL>;2>H(B,
$B4X?t0z?t$J$I(B, $B$I$l$b?.MQ$7$F$O$$$1$^$;$s(B. $B$=$b$=$b(B, $B<u$1<h$C$?%G!<%?D9$d(B
$BFbMF$,3F%W%m%0%i%`$d4X?t$N%3%s%H%m!<%k30$N$b$N$J$i(B, $B%W%m%0%i%`$d4X?t$O$=(B
$B$N%G!<%?$r%3%T!<$9$k;~$KCm0U$r$O$i$&$Y$-$G$9(B. $B$3$N<o$N%;%-%e%j%F%#LdBj$r(B
$B5s$2$k$H(B:
<P></P><UL>
<LI><A NAME="#rule1_1"></A>$B%G!<%?6-3&$r1[$($k$h$&$J(B strcpy() $B$d(B sprintf()
$B4X?t$N8F$S=P$7(B. $B$b$7%G!<%?D9$,J,$+$C$F$$$k$N$J$i(B, strncpy() $B$d(B snprintf()
$B4X?t$r;H$&(B ($B$b$7$/$O(B, $B$=$l$,;H$($J$$$N$J$i6-3&%A%'%C%/$r;\$7$?JL$NJ*$r(B
$BAH$_9~$`(B) $B$h$&$K$7$F2<$5$$(B. $B<B:](B, gets() $B$d(B sprintf() $B$O:#8e7h$7$F(B
$B;H$o$l$k$3$H$O$"$j$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_1"></A>strncpy() $B$d(B strncat() $B4X?t$N8F$S=P$7(B. $B$=$l$i$N(B
$B4X?t$,$I$N$h$&$KF0:n$9$k$N$+$K$D$$$FM}2r$7$F$$$k$3$H$r3N$+$a$F2<$5$$(B.
strncpy() $B4X?t$O=*C<J8;z(B \\0 $B$rIU$1B-$5$J$$$3$H$,$"$k$N$KBP$7(B, strncat()
$B4X?t$O>o$K(B \\0 $B$rIU$1B-$7$^$9(B.
<P></P></LI>
<LI><A NAME="#rule1_2"></A>strvis(3) $B$d(B getenv(3) $B4X?t$NMpMQ$K5$$r$D$1$k(B
$B$3$H(B. strvis() $B$O4V0c$C$?%3%T!<@hJ8;zNs$r4JC1$K:n$C$F$7$^$$$^$9$7(B,
getenv() $B$OA[Dj$5$l$kD9$5$r$O$k$+$K1[$($kJ8;zNs$rJV$9$3$H$b$"$j$^$9(B.
$B$3$l$i$O%W%m%0%i%`$X$N967b$G$7$P$7$P;H$o$l$k>oEe<jCJ$N0l$D$G(B, $B4D6-(B
$BJQ?t$rM=A[$b$7$J$+$C$?CM$K@_Dj$7$F%9%?%C%/$dJQ?t$r>e=q$-$5$;$k$N$G$9(B.
$B$"$J$?$N%W%m%0%i%`$,4D6-JQ?t$rFI$s$G$$$k$N$J$i(B, $BJP<9E*$K$J$i$J$$$H(B
$B$$$1$^$;$s(B!
<P></P></LI>
<LI>open(2) $B$d(B stat(2) $B4X?t$r8+$D$1$k$?$S$K(B, "$B%"%/%;%9$7$h$&$H$7$F$$$k(B
$B%U%!%$%k$,%7%s%\%j%C%/%j%s%/$@$C$?$i$I$&$J$k$@$m$&!)(B" $B$H<+Ld$7$F2<$5$$(B.
<P></P></LI>
<LI><A NAME="#rule1_3"></A>mktemp(), tempnam(), mkstemp() $B4X?t$J$I$r;HMQ(B
$B$7$F$$$k$H$3$m$G$OBe$o$j$K(B mkstemp() $B$,;HMQ$5$l$F$$$k$3$H$r3NG'$7$F(B
$B2<$5$$(B. $B2C$($F(B, /tmp $B$NCf$G%"%H%_%C%/$K$J$k$3$H$O$[$H$s$I$J$$$H$$$&(B
$B$3$H$K5$$E$$$F(B, /tmp $BCf$N6%9g$,H/@8$7$F$$$J$$$+C5$7$F$_$F2<$5$$(B.
<UL>
<LI>$B%G%#%l%/%H%j$N:n@.(B. $B$3$l$O@.8y$9$k$+<:GT$9$k$+$N$I$A$i$+$G$9(B.
<LI>O_CREAT | O_EXCL $B%b!<%I$G$N%U%!%$%k$N%*!<%W%s(B
</UL>
mkstemp(3) $B$O$3$&$$$C$?$3$H$r$"$J$?$N$?$a$K@5$7$/$d$C$F$N$1$F$/$l$^(B
$B$9(B. $B$=$&(B, $B6%9g$r5/$3$5$J$$$G@5$7$$5v2D8"$G%F%s%]%i%j%U%!%$%k$,:n@.$5$l$k(B
$B$3$H$rJ]>Z$9$k$K$O(B mkstemp() $B$r;H$o$J$1$l$P$$$1$J$$$N$G$9(B.
<P></P></LI>
<LI><A NAME="#rule1_4"></A>$B967b<T$,E,Ev$JJL$N%7%9%F%`$+$i%Q%1%C%H$r(B
$BEj$2$?$j(B, $B%Q%1%C%H$r<u$1<h$C$?$j$9$k$h$&$K6/$$$k$3$H$,$G$-$k$N$J$i(B,
$B;dC#$,<u$1$k%G!<%?$r40A4$K%3%s%H%m!<%k$9$k$3$H$,$G$-$^$9$7(B, $B$=$l$i$N(B
*$B$$$:$l$b(B*$B?.MQ$G$-$J$$$b$N$H$J$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule1_5"></A>2.1 $B$H(B 2.2 $B$K$*$1$k(B UID, EUID, SVUID $B$N(B
$B0c$$$rM}2r$7$F2<$5$$(B. $B;d$?$A$bM}2r$7$F$$$^$;$s(B. [XXX $B$7$+$7(B Bruce $B$H(B
$BOC$79g$C$?8e$GM}2r$7$F$3$3$rKd$a$J$1$l$P$$$1$^$;$s(B]
<P></P></LI>
<LI><A NAME="#rule1_6"></A>$B@_Dj%U%!%$%k$,@5$7$$%U%)!<%^%C%H$K$J$C$F$$$k(B,
$B$"$k$$$O4XO"%f!<%F%#%j%F%#$G:n@.$5$l$F$$$k(B, $B$J$I$H;W$C$F$O$$$1$^$;$s(B.
$BJQ$J$3$H$r$9$k%A%c%s%9$5$($"$l$P(B, $B$R$M$/$l$?%/%i%C%+!<$,$-$C$H$=$NJQ$J(B
$B$3$H$r$7$G$+$7$F$7$^$&$G$7$g$&(B: $BC<KvL>$d8@8lJ8;zNs$J$I%Q%9L>$NCf$K(B '/'
$B$d(B '../../...' $B$H$$$C$?%U%j!<%9%?%$%k$NJ8;z$,F~$k;~$O%f!<%6$NF~NO$r(B
$B?.MQ$7$F$O$$$1$^$;$s(B. root $B8"8B$G(B setuid $B$,%;%C%H$5$l$F$$$k>uBV$N$H$-$O(B
$B%f!<%6$+$iM?$($i$l$k(B *$B0l@Z$N(B* $B%Q%9L>$r?.MQ$7$F$O$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_7"></A>$B%G!<%?$N3JG<$5$l$kJ}K!$K4X$7$F$N%;%-%e%j%F%#(B
$B%[!<%k$d<eE@$K5$$r$D$1$F2<$5$$(B. $B%F%s%]%i%j%U%!%$%k$N5v2D8"$O$I$l$b(B
600 $B$K$J$C$F$$$J$$$H$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_8"></A>$B9b$$8"8B$G<B9T$9$k2DG=@-$N$"$k%W%m%0%i%`$+$i(B
$B$*$-$^$j$NLdBj$N%3!<%I$r8+$D$1$k$N$K(B grep $B$7$F$O$$$1$^$;$s(B. strcpy()
$B$N$h$&$J4X?t$,%*!<%P%U%m!<$r$*$3$9$H$$$C$?$3$H$h$j$b?tB?$/$N%*!<%P!<(B
$B%U%m!<$N%1!<%9$,$"$k$N$G(B, 1 $B9T(B 1 $B9T%3!<%I$rDI$C$F$$$/$h$&$K$7$J$1$l$P(B
$B$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_9"></A>$BI,MW$N$J$$!JLuCm(B root $B$J$I$N!KFC8"$r;H$o$J$$(B
$B$+$i$H$$$C$F(B, $B!J?/F~<T$K!K0-MQ$5$l$k2DG=@-$,$J$/$J$k$o$1$G$O$"$j$^$;$s(B.
$B967b<T$OI,MW$J<B9T%3!<%I$r%9%?%C%/$K@Q$s$G$+$i(B /bin/sh $B$r<B9T$7$h$&$H(B
$B$9$k$+$b$7$l$^$;$s(B.
</LI>
</UL>
<P></P></LI>
<LI><A NAME="#rule2"></A>UID $B$r4IM}$9$k$h$&$K$7$F2<$5$$(B. $B$=$&(B, $B$G$-$k$@$1(B
$B$O$d$/FC8"$r40A4$K<N$F5n$k$N$G$9(B. EUID $B$H(B UID $B$H$r@ZBX$($kI,MW$O(B
$B$"$j$^$;$s(B. setuid() $B$r$G$-$k8B$jAa4|$K9T$J$($P$$$$$N$G$9(B.
<P></P></LI>
<LI><A NAME="#rule3"></A>$B%(%i!<$N$"$C$?@_Dj%U%!%$%k$NFbMF$r@dBP$K2hLL$K(B
$BI=<($7$J$$$h$&$K$7$F2<$5$$(B. $B9THV9f(B, $B$=$l$+$i7e?t$,J,$+$l$P==J,$G$9(B.
$B%i%$%V%i%j$H(B SUID/SGID $B$,@_Dj$5$l$F$$$k%W%m%0%i%`$K$3$l$i$N$3$H$,(B
$B8@$($^$9(B.
<P></P></LI>
<LI><A NAME="#rule4"></A>$B%;%-%e%j%F%#LdBj$K4X$7$F$N(B, $B8=B8$9$k%3!<%I$N(B
$B%l%S%e!<$N$?$a$N(B Tips:
<P></P><UL>
<LI><A NAME="#rule4_1"></A>$B%;%-%e%j%F%#%U%#%C%/%9$K$D$$$F$"$J$?$,3N?.$r(B
$B;}$F$J$$$N$J$i(B, $BL\$rDL$7$F$b$i$&$?$a$K$"$J$?$,@0$($?%3!<%I$r%l%S%e!<(B
$B$9$k?M$KAw$C$F2<$5$$(B. $B0BA4$NL>$K$*$$$F(B, $B$+$J$jLq2p$JLdBj$r0z$-5/$3$5(B
$B$J$$$3$H$r3N?.$G$-$J$$$&$A$O%3%_%C%H$7$F$O$$$1$^$;$s(B. :)
<P></P></LI>
<LI><A NAME="#rule4_2"></A>CVS $B%3%_%C%H$N8"8B$N$J$$$b$N$O(B, $BJQ99$N(B
$B%l%S%e!<$r:G8e$K9T$C$??M$K$=$N8"8B$,$"$k$3$H$r3NG'$9$Y$-$G$9(B. $B$=$N(B
$B?M$O%l%S%e!<$H:G=*%P!<%8%g%s$N%D%j!<$X$N<h$j9~$_$NN>J}$r$9$k$3$H$K(B
$B$J$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule4_3"></A>>$B%l%S%e!<$9$k?M$KJQ99E@$rAw$k;~(B, $B4JC1$K(B
patch(1) $B$rEv$F$i$l$k$h$&$K$9$k$?$a$K(B context $B$+(B unidiff $B7A<0$N(B
diff $B$r;H$&$h$&$K$7$F2<$5$$(B. $B%U%!%$%k$^$k$4$HAw$i$J$$$G2<$5$$(B!
Diff $B$O4JC1$KFI$`$3$H$,$G$-$k$7(B, ($B$H$/$KJ#?t$N>l=j$GF1;~$K9T$o$l$k(B
$BJQ99$N;~(B) $B%m!<%+%k$N%=!<%9$K@lG0$G$-$^$9(B. $BFCDj$N%$%s%9%?%s%9$K(B
$BH<$&$h$&$JFCJL$JM}M3$G$b$J$$8B$j(B, $B6&DL$N4D6-$r%Y!<%9$K$7$F:n6H$r(B
$B4JC1$K$9$k$?$a$K(B, $B$I$s$JJQ99$b(B 3.0-current $B$X$NJQ99$H$9$k$h$&$K(B
$B$7$F$/$@$5$$(B.
<P></P></LI>
<LI><A NAME="#rule4_4"></A>$B%3!<%I$rJQ99$r$9$k$?$S$K(B, $B%l%S%e!<$9$k?MC#$K(B
$BAw$kA0$KD>@\%F%9%H$r9T$&(B ($B$D$^$j%S%k%I$7$F3:Ev$9$k%b%8%e!<%k$r<B9T(B
$B$9$k(B) $B$h$&$K$7$F$/$@$5$$(B. $BL@$i$+$K2u$l$F$$$k$b$N$r%l%S%e!<$7$?$$$H(B
$B;W$&?M$O$$$^$;$s(B. $B$A$c$s$H%F%9%H$9$k$?$a$K(B 2.1, 2.2 $B$d(B 3.0 $B>e$G$N(B
$B%"%+%&%s%H$,I,MW$J$i8@$C$F2<$5$$(B - $B%W%m%8%'%/%H$O$=$NL\E*$G$3$l$i$N(B
$B4D6-$rMQ0U$7$F$"$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule4_5"></A>$B%3%_%C%H$9$kJ}!9$X(B:
-current $B%Q%C%A$,(B 2.2 $B$d(B 2.1 $B%V%i%s%A$K$b9g$&$h$&$KI,$:?4$,$1$F2<$5$$(B.
<P></P></LI>
<LI><A NAME="#rule4_6"></A>$BITI,MW$K$"$J$?9%$_$N%9%?%$%k$K%3!<%I$r(B
$B=q$-49$($J$$$G2<$5$$(B - $B$=$l$O%l%S%e!<$9$k?M$K$H$C$F(B, $BI,MW$N$J$$(B, $B$h$j(B
$BFq2r$J;E;v$r:n$k$@$1$G$9(B. $B$=$l$r$9$k$N$KL@3N$J5;=Q>e$NM}M3$,$"$k;~$K(B
$B$@$19T$&$h$&$K$7$F$/$@$5$$(B.
</LI>
</UL>
<P></P></LI>
<LI><A NAME="#rule5"></A>$BC10l$N%O%s%I%i$GJ#;($J=hM}$r9T$&$h$&$J(B
$B%W%m%0%i%`$K5$$r$D$1$F2<$5$$(B. $B$$$m$$$m$J%i%$%V%i%jCf$NB?$/$N4X?t$O(B,
$B$=$N$h$&$J=hM}$r0BA4$K9T$($k$[$I=<J,$K%j%(%s%H%i%s%H$K$O:n$i$l$F(B
$B$$$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule6"></A>realloc() $B$N;H$$J}$K$O:Y?4$NCm0U$rJ'$C$F2<$5$$(B
- $B@5$7$/;H$o$l$F$$$J$$$3$H$O(B, $B$J$$$o$1$G$O$J$/$`$7$mIQHK$K5/$3$C$F$$$k(B
$B$3$H$G$9(B.
<P></P></LI>
<LI>$B8GDjD9%P%C%U%!$r;H$&>l9g(B, $B%P%C%U%!%5%$%:$,JQ99$5$l$?$K$b$+$+$o$i$:(B
$B%3!<%I$,(B sizeof() $B$r;H$C$F$$$J$$$,$?$a$KH/@8$9$kLdBj$rKI$0$?$a$K(B,
sizeof() $B$r;HMQ$9$k$h$&$K$7$F2<$5$$(B. $BNc$r5s$2$k$H(B:
<LISTING> char buf[1024];
struct foo { ... };
...
BAD:
xxx(buf, 1024)
xxx(yyy, sizeof(struct foo))
GOOD:
xxx(buf, sizeof(buf))
xxx(yyy, sizeof(yyy))</LISTING>
$B%]%$%s%?$,%]%$%s%H$7$F$$$k@h$N%5%$%:$rCN$j$?$$$H$-$K(B, $B%]%$%s%?$N(B
$B%5%$%:$r7W;;$7$J$$$h$&$KCm0U$7$F2<$5$$(B.
<P></P></LI>
<LI>``char foo[###]'' $B$r8+$D$1$k$?$S$K(B, foo $B$N;H$$J}$r%A%'%C%/$7$F%*!<%P!<(B
$B%U%m!<$r5/$3$5$J$$$3$H$r3NG'$7$F2<$5$$(B. $B%*!<%P!<%U%m!<$r2sHr$G$-$J$$(B
($B$+(B, $B%*!<%P!<%U%m!<$,5/$3$jF@$k(B) $B$H$-$O(B, $B:GDc$G$b%9%?%C%/$r?)$$DY$5$J$$(B
$B$h$&$K$9$k$?$a$K(B malloc(3) $B$G%P%C%U%!NN0h$r$H$k$h$&$K$7$F2<$5$$(B.
<P></P></LI>
<LI>$B$G$-$k$@$1Aa$$CJ3,$G%U%!%$%k5-=R;R$r%/%m!<%:$9$k$h$&$K$7$F2<$5$$(B.
$B$3$l$OI8=`F~=PNO%P%C%U%!$NFbMF$r<N$F5n$k$3$H$h$j$bBg@Z$J$3$H$G$9(B.
$B%i%$%V%i%j%k!<%A%s$NCf$G(B, $B$"$J$?$,3+$$$?%U%!%$%k5-=R;R$r>o$KJD$8$k(B
$B$h$&$K$7$F$/$@$5$$!#(B
<P></P></LI>
</UL>
&footer
</body>
</html>


@ -1,4 +1,4 @@
# $Id: Makefile,v 1.13 1998-07-07 03:14:10 hanai Exp $
# $Id: Makefile,v 1.14 1998-07-26 10:51:28 hanai Exp $
# The FreeBSD Japanese Documentation Project
# Original revision: 1.24
@ -35,6 +35,7 @@ atoz.sgml: web.atoz
#SUBDIR= cgi commercial gifs ports releases tutorials
SUBDIR= docproj ports releases
SUBDIR=+ security
# Subdirectories that have linuxdoc docs and makefiles that use
# <bsd.sgml.mk>.

ja/security/Makefile Normal file

@ -0,0 +1,12 @@
# $Id: Makefile,v 1.1 1998-07-26 10:51:31 hanai Exp $
.if exists(Makefile.conf)
.include "Makefile.conf"
.endif
DOCS=
DOCS+= programmers.sgml
#DOCS+= security.sgml
#DOCS+= secure.sgml
.include "../web.mk"


@ -0,0 +1,203 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY base CDATA "..">
<!ENTITY date "$Date: 1998-07-26 10:51:34 $">
<!ENTITY title "Security Do's and Don'ts for Programmers">
<!ENTITY % includes SYSTEM "../includes.sgml"> %includes;
]>
<!-- $Id: programmers.sgml,v 1.1 1998-07-26 10:51:34 hanai Exp $ -->
<html>
&header;
<P></P><UL>
<LI><A NAME="#rule1"></A>$B$I$s$JF~NO%=!<%9$b?.MQ$7$J$$$3$H(B. $B$D$^$j(B, $B%3%^%s%I(B
$B%i%$%s0z?t(B, $B4D6-JQ?t(B, $B@_Dj%U%!%$%k(B, $BE~Ce$7$?(B UDP $B%Q%1%C%H(B, $B%[%9%HL>;2>H(B,
$B4X?t0z?t$J$I(B, $B$I$l$b?.MQ$7$F$O$$$1$^$;$s(B. $B$=$b$=$b(B, $B<u$1<h$C$?%G!<%?D9$d(B
$BFbMF$,3F%W%m%0%i%`$d4X?t$N%3%s%H%m!<%k30$N$b$N$J$i(B, $B%W%m%0%i%`$d4X?t$O$=(B
$B$N%G!<%?$r%3%T!<$9$k;~$KCm0U$r$O$i$&$Y$-$G$9(B. $B$3$N<o$N%;%-%e%j%F%#LdBj$r(B
$B5s$2$k$H(B:
<P></P><UL>
<LI><A NAME="#rule1_1"></A>$B%G!<%?6-3&$r1[$($k$h$&$J(B strcpy() $B$d(B sprintf()
$B4X?t$N8F$S=P$7(B. $B$b$7%G!<%?D9$,J,$+$C$F$$$k$N$J$i(B, strncpy() $B$d(B snprintf()
$B4X?t$r;H$&(B ($B$b$7$/$O(B, $B$=$l$,;H$($J$$$N$J$i6-3&%A%'%C%/$r;\$7$?JL$NJ*$r(B
$BAH$_9~$`(B) $B$h$&$K$7$F2<$5$$(B. $B<B:](B, gets() $B$d(B sprintf() $B$O:#8e7h$7$F(B
$B;H$o$l$k$3$H$O$"$j$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_1"></A>strncpy() $B$d(B strncat() $B4X?t$N8F$S=P$7(B. $B$=$l$i$N(B
$B4X?t$,$I$N$h$&$KF0:n$9$k$N$+$K$D$$$FM}2r$7$F$$$k$3$H$r3N$+$a$F2<$5$$(B.
strncpy() $B4X?t$O=*C<J8;z(B \\0 $B$rIU$1B-$5$J$$$3$H$,$"$k$N$KBP$7(B, strncat()
$B4X?t$O>o$K(B \\0 $B$rIU$1B-$7$^$9(B.
<P></P></LI>
<LI><A NAME="#rule1_2"></A>strvis(3) $B$d(B getenv(3) $B4X?t$NMpMQ$K5$$r$D$1$k(B
$B$3$H(B. strvis() $B$O4V0c$C$?%3%T!<@hJ8;zNs$r4JC1$K:n$C$F$7$^$$$^$9$7(B,
getenv() $B$OA[Dj$5$l$kD9$5$r$O$k$+$K1[$($kJ8;zNs$rJV$9$3$H$b$"$j$^$9(B.
$B$3$l$i$O%W%m%0%i%`$X$N967b$G$7$P$7$P;H$o$l$k>oEe<jCJ$N0l$D$G(B, $B4D6-(B
$BJQ?t$rM=A[$b$7$J$+$C$?CM$K@_Dj$7$F%9%?%C%/$dJQ?t$r>e=q$-$5$;$k$N$G$9(B.
$B$"$J$?$N%W%m%0%i%`$,4D6-JQ?t$rFI$s$G$$$k$N$J$i(B, $BJP<9E*$K$J$i$J$$$H(B
$B$$$1$^$;$s(B!
<P></P></LI>
<LI>open(2) $B$d(B stat(2) $B4X?t$r8+$D$1$k$?$S$K(B, "$B%"%/%;%9$7$h$&$H$7$F$$$k(B
$B%U%!%$%k$,%7%s%\%j%C%/%j%s%/$@$C$?$i$I$&$J$k$@$m$&!)(B" $B$H<+Ld$7$F2<$5$$(B.
<P></P></LI>
<LI><A NAME="#rule1_3"></A>mktemp(), tempnam(), mkstemp() $B4X?t$J$I$r;HMQ(B
$B$7$F$$$k$H$3$m$G$OBe$o$j$K(B mkstemp() $B$,;HMQ$5$l$F$$$k$3$H$r3NG'$7$F(B
$B2<$5$$(B. $B2C$($F(B, /tmp $B$NCf$G%"%H%_%C%/$K$J$k$3$H$O$[$H$s$I$J$$$H$$$&(B
$B$3$H$K5$$E$$$F(B, /tmp $BCf$N6%9g$,H/@8$7$F$$$J$$$+C5$7$F$_$F2<$5$$(B.
<UL>
<LI>$B%G%#%l%/%H%j$N:n@.(B. $B$3$l$O@.8y$9$k$+<:GT$9$k$+$N$I$A$i$+$G$9(B.
<LI>O_CREAT | O_EXCL $B%b!<%I$G$N%U%!%$%k$N%*!<%W%s(B
</UL>
mkstemp(3) $B$O$3$&$$$C$?$3$H$r$"$J$?$N$?$a$K@5$7$/$d$C$F$N$1$F$/$l$^(B
$B$9(B. $B$=$&(B, $B6%9g$r5/$3$5$J$$$G@5$7$$5v2D8"$G%F%s%]%i%j%U%!%$%k$,:n@.$5$l$k(B
$B$3$H$rJ]>Z$9$k$K$O(B mkstemp() $B$r;H$o$J$1$l$P$$$1$J$$$N$G$9(B.
<P></P></LI>
<LI><A NAME="#rule1_4"></A>$B967b<T$,E,Ev$JJL$N%7%9%F%`$+$i%Q%1%C%H$r(B
$BEj$2$?$j(B, $B%Q%1%C%H$r<u$1<h$C$?$j$9$k$h$&$K6/$$$k$3$H$,$G$-$k$N$J$i(B,
$B;dC#$,<u$1$k%G!<%?$r40A4$K%3%s%H%m!<%k$9$k$3$H$,$G$-$^$9$7(B, $B$=$l$i$N(B
*$B$$$:$l$b(B*$B?.MQ$G$-$J$$$b$N$H$J$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule1_5"></A>2.1 $B$H(B 2.2 $B$K$*$1$k(B UID, EUID, SVUID $B$N(B
$B0c$$$rM}2r$7$F2<$5$$(B. $B;d$?$A$bM}2r$7$F$$$^$;$s(B. [XXX $B$7$+$7(B Bruce $B$H(B
$BOC$79g$C$?8e$GM}2r$7$F$3$3$rKd$a$J$1$l$P$$$1$^$;$s(B]
<P></P></LI>
<LI><A NAME="#rule1_6"></A>$B@_Dj%U%!%$%k$,@5$7$$%U%)!<%^%C%H$K$J$C$F$$$k(B,
$B$"$k$$$O4XO"%f!<%F%#%j%F%#$G:n@.$5$l$F$$$k(B, $B$J$I$H;W$C$F$O$$$1$^$;$s(B.
$BJQ$J$3$H$r$9$k%A%c%s%9$5$($"$l$P(B, $B$R$M$/$l$?%/%i%C%+!<$,$-$C$H$=$NJQ$J(B
$B$3$H$r$7$G$+$7$F$7$^$&$G$7$g$&(B: $BC<KvL>$d8@8lJ8;zNs$J$I%Q%9L>$NCf$K(B '/'
$B$d(B '../../...' $B$H$$$C$?%U%j!<%9%?%$%k$NJ8;z$,F~$k;~$O%f!<%6$NF~NO$r(B
$B?.MQ$7$F$O$$$1$^$;$s(B. root $B8"8B$G(B setuid $B$,%;%C%H$5$l$F$$$k>uBV$N$H$-$O(B
$B%f!<%6$+$iM?$($i$l$k(B *$B0l@Z$N(B* $B%Q%9L>$r?.MQ$7$F$O$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_7"></A>$B%G!<%?$N3JG<$5$l$kJ}K!$K4X$7$F$N%;%-%e%j%F%#(B
$B%[!<%k$d<eE@$K5$$r$D$1$F2<$5$$(B. $B%F%s%]%i%j%U%!%$%k$N5v2D8"$O$I$l$b(B
600 $B$K$J$C$F$$$J$$$H$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_8"></A>$B9b$$8"8B$G<B9T$9$k2DG=@-$N$"$k%W%m%0%i%`$+$i(B
$B$*$-$^$j$NLdBj$N%3!<%I$r8+$D$1$k$N$K(B grep $B$7$F$O$$$1$^$;$s(B. strcpy()
$B$N$h$&$J4X?t$,%*!<%P%U%m!<$r$*$3$9$H$$$C$?$3$H$h$j$b?tB?$/$N%*!<%P!<(B
$B%U%m!<$N%1!<%9$,$"$k$N$G(B, 1 $B9T(B 1 $B9T%3!<%I$rDI$C$F$$$/$h$&$K$7$J$1$l$P(B
$B$$$1$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule1_9"></A>$BI,MW$N$J$$!JLuCm(B root $B$J$I$N!KFC8"$r;H$o$J$$(B
$B$+$i$H$$$C$F(B, $B!J?/F~<T$K!K0-MQ$5$l$k2DG=@-$,$J$/$J$k$o$1$G$O$"$j$^$;$s(B.
$B967b<T$OI,MW$J<B9T%3!<%I$r%9%?%C%/$K@Q$s$G$+$i(B /bin/sh $B$r<B9T$7$h$&$H(B
$B$9$k$+$b$7$l$^$;$s(B.
</LI>
</UL>
<P></P></LI>
<LI><A NAME="#rule2"></A>UID $B$r4IM}$9$k$h$&$K$7$F2<$5$$(B. $B$=$&(B, $B$G$-$k$@$1(B
$B$O$d$/FC8"$r40A4$K<N$F5n$k$N$G$9(B. EUID $B$H(B UID $B$H$r@ZBX$($kI,MW$O(B
$B$"$j$^$;$s(B. setuid() $B$r$G$-$k8B$jAa4|$K9T$J$($P$$$$$N$G$9(B.
<P></P></LI>
<LI><A NAME="#rule3"></A>$B%(%i!<$N$"$C$?@_Dj%U%!%$%k$NFbMF$r@dBP$K2hLL$K(B
$BI=<($7$J$$$h$&$K$7$F2<$5$$(B. $B9THV9f(B, $B$=$l$+$i7e?t$,J,$+$l$P==J,$G$9(B.
$B%i%$%V%i%j$H(B SUID/SGID $B$,@_Dj$5$l$F$$$k%W%m%0%i%`$K$3$l$i$N$3$H$,(B
$B8@$($^$9(B.
<P></P></LI>
<LI><A NAME="#rule4"></A>$B%;%-%e%j%F%#LdBj$K4X$7$F$N(B, $B8=B8$9$k%3!<%I$N(B
$B%l%S%e!<$N$?$a$N(B Tips:
<P></P><UL>
<LI><A NAME="#rule4_1"></A>$B%;%-%e%j%F%#%U%#%C%/%9$K$D$$$F$"$J$?$,3N?.$r(B
$B;}$F$J$$$N$J$i(B, $BL\$rDL$7$F$b$i$&$?$a$K$"$J$?$,@0$($?%3!<%I$r%l%S%e!<(B
$B$9$k?M$KAw$C$F2<$5$$(B. $B0BA4$NL>$K$*$$$F(B, $B$+$J$jLq2p$JLdBj$r0z$-5/$3$5(B
$B$J$$$3$H$r3N?.$G$-$J$$$&$A$O%3%_%C%H$7$F$O$$$1$^$;$s(B. :)
<P></P></LI>
<LI><A NAME="#rule4_2"></A>CVS $B%3%_%C%H$N8"8B$N$J$$$b$N$O(B, $BJQ99$N(B
$B%l%S%e!<$r:G8e$K9T$C$??M$K$=$N8"8B$,$"$k$3$H$r3NG'$9$Y$-$G$9(B. $B$=$N(B
$B?M$O%l%S%e!<$H:G=*%P!<%8%g%s$N%D%j!<$X$N<h$j9~$_$NN>J}$r$9$k$3$H$K(B
$B$J$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule4_3"></A>>$B%l%S%e!<$9$k?M$KJQ99E@$rAw$k;~(B, $B4JC1$K(B
patch(1) $B$rEv$F$i$l$k$h$&$K$9$k$?$a$K(B context $B$+(B unidiff $B7A<0$N(B
diff $B$r;H$&$h$&$K$7$F2<$5$$(B. $B%U%!%$%k$^$k$4$HAw$i$J$$$G2<$5$$(B!
Diff $B$O4JC1$KFI$`$3$H$,$G$-$k$7(B, ($B$H$/$KJ#?t$N>l=j$GF1;~$K9T$o$l$k(B
$BJQ99$N;~(B) $B%m!<%+%k$N%=!<%9$K@lG0$G$-$^$9(B. $BFCDj$N%$%s%9%?%s%9$K(B
$BH<$&$h$&$JFCJL$JM}M3$G$b$J$$8B$j(B, $B6&DL$N4D6-$r%Y!<%9$K$7$F:n6H$r(B
$B4JC1$K$9$k$?$a$K(B, $B$I$s$JJQ99$b(B 3.0-current $B$X$NJQ99$H$9$k$h$&$K(B
$B$7$F$/$@$5$$(B.
<P></P></LI>
<LI><A NAME="#rule4_4"></A>$B%3!<%I$rJQ99$r$9$k$?$S$K(B, $B%l%S%e!<$9$k?MC#$K(B
$BAw$kA0$KD>@\%F%9%H$r9T$&(B ($B$D$^$j%S%k%I$7$F3:Ev$9$k%b%8%e!<%k$r<B9T(B
$B$9$k(B) $B$h$&$K$7$F$/$@$5$$(B. $BL@$i$+$K2u$l$F$$$k$b$N$r%l%S%e!<$7$?$$$H(B
$B;W$&?M$O$$$^$;$s(B. $B$A$c$s$H%F%9%H$9$k$?$a$K(B 2.1, 2.2 $B$d(B 3.0 $B>e$G$N(B
$B%"%+%&%s%H$,I,MW$J$i8@$C$F2<$5$$(B - $B%W%m%8%'%/%H$O$=$NL\E*$G$3$l$i$N(B
$B4D6-$rMQ0U$7$F$"$j$^$9(B.
<P></P></LI>
<LI><A NAME="#rule4_5"></A>$B%3%_%C%H$9$kJ}!9$X(B:
-current $B%Q%C%A$,(B 2.2 $B$d(B 2.1 $B%V%i%s%A$K$b9g$&$h$&$KI,$:?4$,$1$F2<$5$$(B.
<P></P></LI>
<LI><A NAME="#rule4_6"></A>$BITI,MW$K$"$J$?9%$_$N%9%?%$%k$K%3!<%I$r(B
$B=q$-49$($J$$$G2<$5$$(B - $B$=$l$O%l%S%e!<$9$k?M$K$H$C$F(B, $BI,MW$N$J$$(B, $B$h$j(B
$BFq2r$J;E;v$r:n$k$@$1$G$9(B. $B$=$l$r$9$k$N$KL@3N$J5;=Q>e$NM}M3$,$"$k;~$K(B
$B$@$19T$&$h$&$K$7$F$/$@$5$$(B.
</LI>
</UL>
<P></P></LI>
<LI><A NAME="#rule5"></A>$BC10l$N%O%s%I%i$GJ#;($J=hM}$r9T$&$h$&$J(B
$B%W%m%0%i%`$K5$$r$D$1$F2<$5$$(B. $B$$$m$$$m$J%i%$%V%i%jCf$NB?$/$N4X?t$O(B,
$B$=$N$h$&$J=hM}$r0BA4$K9T$($k$[$I=<J,$K%j%(%s%H%i%s%H$K$O:n$i$l$F(B
$B$$$^$;$s(B.
<P></P></LI>
<LI><A NAME="#rule6"></A>realloc() $B$N;H$$J}$K$O:Y?4$NCm0U$rJ'$C$F2<$5$$(B
- $B@5$7$/;H$o$l$F$$$J$$$3$H$O(B, $B$J$$$o$1$G$O$J$/$`$7$mIQHK$K5/$3$C$F$$$k(B
$B$3$H$G$9(B.
<P></P></LI>
<LI>$B8GDjD9%P%C%U%!$r;H$&>l9g(B, $B%P%C%U%!%5%$%:$,JQ99$5$l$?$K$b$+$+$o$i$:(B
$B%3!<%I$,(B sizeof() $B$r;H$C$F$$$J$$$,$?$a$KH/@8$9$kLdBj$rKI$0$?$a$K(B,
sizeof() $B$r;HMQ$9$k$h$&$K$7$F2<$5$$(B. $BNc$r5s$2$k$H(B:
<LISTING> char buf[1024];
struct foo { ... };
...
BAD:
xxx(buf, 1024)
xxx(yyy, sizeof(struct foo))
GOOD:
xxx(buf, sizeof(buf))
xxx(yyy, sizeof(yyy))</LISTING>
$B%]%$%s%?$,%]%$%s%H$7$F$$$k@h$N%5%$%:$rCN$j$?$$$H$-$K(B, $B%]%$%s%?$N(B
$B%5%$%:$r7W;;$7$J$$$h$&$KCm0U$7$F2<$5$$(B.
<P></P></LI>
<LI>``char foo[###]'' $B$r8+$D$1$k$?$S$K(B, foo $B$N;H$$J}$r%A%'%C%/$7$F%*!<%P!<(B
$B%U%m!<$r5/$3$5$J$$$3$H$r3NG'$7$F2<$5$$(B. $B%*!<%P!<%U%m!<$r2sHr$G$-$J$$(B
($B$+(B, $B%*!<%P!<%U%m!<$,5/$3$jF@$k(B) $B$H$-$O(B, $B:GDc$G$b%9%?%C%/$r?)$$DY$5$J$$(B
$B$h$&$K$9$k$?$a$K(B malloc(3) $B$G%P%C%U%!NN0h$r$H$k$h$&$K$7$F2<$5$$(B.
<P></P></LI>
<LI>$B$G$-$k$@$1Aa$$CJ3,$G%U%!%$%k5-=R;R$r%/%m!<%:$9$k$h$&$K$7$F2<$5$$(B.
$B$3$l$OI8=`F~=PNO%P%C%U%!$NFbMF$r<N$F5n$k$3$H$h$j$bBg@Z$J$3$H$G$9(B.
$B%i%$%V%i%j%k!<%A%s$NCf$G(B, $B$"$J$?$,3+$$$?%U%!%$%k5-=R;R$r>o$KJD$8$k(B
$B$h$&$K$7$F$/$@$5$$!#(B
<P></P></LI>
</UL>
&footer
</body>
</html>