  Secure Programming for Linux HOWTO
  David A. Wheeler, dwheeler@dwheeler.com
  version 1.30, 9 February 2000
    hisai@din.or.jp
  2000/09/22

  ̃hLg Linux ňS߂vOꍇɕK
  vɂȂ݌vƎ̂ɂāÃKChC܂BS
  ߂vOƂ́Aڑɑ݂f[^̃r[A[A CGI
  XNvgAlbg[N֘ÃT[o[Asetuid/setgid ĂvO
  ȂǂłB
  ______________________________________________________________________

  Table of Contents

  1. Introduction
  2. Background
     2.1 Linux and Open Source Software
     2.2 Security Principles
     2.3 Types of Secure Programs
     2.4 Paranoia is a Virtue
     2.5 Sources of Design and Implementation Guidelines
     2.6 Document Conventions

  3. Summary of Linux Security Features
     3.1 Processes
        3.1.1 Process Attributes
        3.1.2 POSIX Capabilities
        3.1.3 Process Creation and Manipulation
     3.2 Filesystem
        3.2.1 Filesystem Object Attributes
        3.2.2 Creation Time Initial Values
        3.2.3 Changing Access Control Attributes
        3.2.4 Using Access Control Attributes
        3.2.5 Filesystem Hierarchy
     3.3 System V IPC
     3.4 Sockets and Network Connections
     3.5 Quotas and Limits
     3.6 Audit
     3.7 PAM

  4. Validate All Input
     4.1 Command Line
     4.2 Environment Variables
     4.3 File Descriptors
     4.4 File Contents
     4.5 CGI Inputs
     4.6 Other Inputs
     4.7 Limit Valid Input Time and Load Level

  5. Avoid Buffer Overflow
     5.1 Dangers in C/C++
     5.2 Library Solutions in C/C++
     5.3 Compilation Solutions in C/C++
     5.4 Other Languages

  6. Structure Program Internals and Approach
     6.1 Secure the Interface
     6.2 Minimize Permissions
     6.3 Use Safe Defaults
     6.4 Fail Open
     6.5 Avoid Race Conditions
     6.6 Trust Only Trustworthy Channels
     6.7 Use Internal Consistency-Checking Code
     6.8 Self-limit Resources

  7. Carefully Call Out to Other Resources
     7.1 Limit Call-outs to Valid Values
     7.2 Check All System Call Returns

  8. Send Information Back Judiciously
     8.1 Minimize Feedback
     8.2 Handle Full/Unresponsive Output

  9. Special Topics
     9.1 Locking
     9.2 Passwords
     9.3 Random Numbers
     9.4 Cryptographic Algorithms and Protocols
     9.5 Java
     9.6 PAM
     9.7 Miscellaneous

  10. Conclusions
  11. References
  12. Document License
  13. Acknowledgements for the Japanese Translation

  ______________________________________________________________________

  1.  Introduction

  ̃hLg Linux ňS߂vOꍇɕK
  vɂȂ݌vƎ̂ɂāÃKChC܂B̃h
  Lg̖ړÍAuSȃvOvłBSȃvOƂ̓Z
  LeB̖hǂƂȂĂAvOgƓANZX
  ĂȂ͐悩̓͂󂯎vÔƂłB̂悤ȃv
  OƂāAڑɑ݂f[^邽߂̃AvP[VACGI
  XNvgAlbg[N֘ÃT[o[Asetuid/setgid ĂvO
  Ȃǂ܂B̃hLgł́ALinux ̃J[l̂̏C
  ͎戵܂񂪁Aŋc_@̑̓J[l̏CɂL
  łB̃KChĆASȃvO߂̗lXȏ
  (Ҏg̍l܂܂Ă܂)uPƂĊwłƁv
  āȀW听ƂĂ܂Ƃߒ̂łB

  ̃hLgł́ASɂĂ̕ۏ؊\tgEGAHw̎@A
  iۏ؂̎@͈܂B͑؂ȂƂłAłɑ̂Ƃ
  ōL_Ă܂B̎@ɂ́AeXgAsAEr[AR
  tBM[VǗAtH[}\bh܂BZLeBɂ
  Ă̊J̕ۏ؊ɂẮAthe Common Criteria [CC 1999]  the
  System Security Engineering Capability Maturity Model [SSE-CMM 1999]
  Ȃǂ܂B\tgEGAHw̎@ɂẮASoftware Engineering
  Institute's Capability Maturity Model for Software (SE-CMM)  ISO
  9000 (ISO 9001  ISO 9001-3 ƍ킹ĎQƂ̂)AISO 12207 Ȃǂɏ
  Ă܂B

  󒐁F

  o  sAEr[Ƃ́A̐ƂƈӌsȂ

  o  tH[}\bhƂ́A݌vsȂɓāAwI(vI)Ȏ
     @p@_

  o  [CC 1999] Ƃ\ĹAQl\

  ̃hLǵÅœĂVXe(̓lbg
  [N)Sɐݒ肷@c_Ă܂Bݒ@̓vO
  Sɗpł͕K{̎łAȊOɈSȐݒ@ɂ
  _Ă镶݂܂BS Linux VXeғ@
  ɂẮAFenzi [1999]ASeifried [1999]AWreski [1998] ͂߂Ƃ
  āAłɍL_Ă܂B

  ̃hLǵAǎ҂݂̂Ȃ񂪃Rs[^̈SɂĂ
  ĂAUNIX CNȃVXẽZLeBEf C ɂ
  ĂĂ邱ƂOƂĂ܂B܂AZLeBɊ֘A
  Linux ̃vO~OEfɂĂ኱łĂ܂B

  ̃hLǧ{ <http://www.dwheeler.com>ɂ܂B܂
  Linux Documentation Project (LDP)  <http://www.linuxdoc.org> ɂ܂
  Ă܂(LDP ł́A{Â\܂)B

  ̃hLg David A. Wheeler 쌠((C) 1999-2000 David A.
  Wheeler) ێĂ܂B܂ GNU General Public License (GPL) 
  Ă͕̌ی삳Ă܂BڂƂ͂̃hLg̍Ō
  ZNVQƂĂB
  ̃hLg͂܂ Linux ̔wiƂ̃ZLeBɂĘ_
  B̃ZNVł́AʓI Linux ̃ZLeBEfɂ
  āAvZXt@CVXeΏۂɁȂƎ戵ʂ茩
  Ă܂B̎ɂ̃hLg̒SƂȂ Linux ł̃AvP
  [VJ̐݌vƎɂẴKChC܂B̒ł
  L̍ڂグĂ܂B

  o  ׂ͂̂Ă؂邱

  o  obt@I[ot[邱

  o  vÕC^tF[XƓ\Ƃ邱

  o  ̃\[X𗘗pꍇ͐Tdɍs

  o  ZLeBɋCzďƂ肷邱

  o  ̑֘A(̎擾@Ȃ)

     ŌɌ_ƎQlł߂܂B

  2.  Background

  2.1.  Linux and Open Source Software

  1984 N Richard Stallman  Free Software Foundation (FSF)
  āAGNU vWFNgƂAt[ UNIX Iy[eBOVXe
  グvWFNg𗧂グ܂Bt[ƂtŁAStallman 
  ͗p邱ƁAe(\[X)ǂނƁAC邱ƁAĔzz邱
  ƂRɂł\tgEGA\܂B FSF ͐֗̕ȃc[
  Q쐬邱Ƃł܂AƎ̃Iy[eBOVXẽJ[
  lv悤ɊJłɂ܂ [FSF 1998]B 1991 N Linus
  Torvalds uLinuxvƂIy[eBOVXẽJ[lJ
  ͂߂܂ [Torvalds 1999]B̃J[l FSF ⑼̃c[Ƒ܂
  āARɉςłAւpIȃIy[eBOVXeƂȂ
  B̃hLgł̓J[lwtƂāuLinux J[lv
  AVXeŜtƂāuLinuxvgp܂(lȈӖ
  GNU/Linux Ƃ\gꍇX܂)B

  lXȒĉꂼɁA֗ȃc[Q̃J[lƑgݍ킹Ă
  B̑gufBXgr[VvƌĂсAĉufBXg
  r[^vƌĂł܂B悭mꂽfBXgr[^ɂ Red
  HatAMandrakeASuSEACalderaACorelA Debian ܂B̃hL
  g͓̃fBXgr[VɃ^[Qbg𓖂ĂĂ܂񂪁AJ[
  l̃o[W 2.2 ȏ C Cu glibc 2.1 ȏł邱
  OɂĂ܂B݂̎vȃfBXgr[Vׂ͂āȂO
  𖞂Ă܂B

  ut[\tgEGAvւ̊֐SɂA̒`ƐsKv
  łĂ܂BԂōLgpĂ錾t́uI[vE\[XE\t
  gEGAvłA [OSI 1999] ŏڍׂɒ`Ă܂B Eric Raymond
  [1997, 1998] ̒ŁAt[\tgEGÅJߒɂāAƑnɕx
  񂾘_\Ă܂B

  Linux ͂ UNIX ƌĂ΂̂\[XR[h𗬗pĂ܂
  B̃C^[tF[X͔ UNIX CNłB̂ UNIX
  Ŋw񂾋P͂̂܂ Linux ɂĂ͂܂܂BZLeB
  ɂĂlłB̃hLgŏqׂĂ̑啔́A
  ۂ̂Ƃ둼 UNIX CNȃVXełɗ܂B Linux 
  L̏Ӑ}IɉĂ܂B Linux ̎Dꂽ\͂
  o߂łB̃hLgł͂ Linux VXeɏœ_𓖂
  āAΏۂƂȂVXe߂Ă܂BׂĂ UNIX CNȃVXe
  ΏۂɂĂ܂ƁA|[eBO⑼̃VXe̋@\ɂĂ̏ڍׂȌ
  KvɂȂĂ܂AʂƂẴhLg̗ʂĂ܂
  ߂łB
  Linux ͔ UNIX CNŁAUNIX ̎ZLeB֘Â݂
  Ă܂B݂̂Ƃ́AvZXɑ΂郆[UO[v
  ID(uid  gid)Aǂ݁^^sꂼ̃p[~bVt@C
  VXeASystem V R̃vZXԒʐM(IPC)A\Pbgx[X
  IPC(lbg[N𗘗pʐM܂)łB UNIX VXeʂ̊{
  IȃZLeBɂĂ̏́A Thompson [1974]  Bach [1986] 
  ĂBZNV 3 ł Linux ̃ZLeB@\̃L[|Cg
  T܂B

  2.2.  Security Principles

  ZLeB̌ɂẮAȂ炸mĂKv܂B
  [Pfleeger 1997] ̂悤ȁARs[^ɊւZLeBSʂɂ
  ꂽЂǂłB

  Saltzer [1974]  Saltzer and Schroeder [1975] ɂāASی삷
  邽߂̃VXe݌vsɓāǍɂĉL̂悤ɂ܂
  ߂Ă܂B݂͌łȂLłB

  o  ł邾ȂB[UvOɂ́Ał邾
     Ȃ悤ɂ邱ƁB΁AU҂ɂ_[Wŏ
     ɗ}

  o  ݂PɁBhVXe͏PȐ݌vɂ邱

  o  I[vȐ݌vBh䂷邵݂́AU҂݂̂̒m
     ȂƂɈˑĂ͂ȂȂBtɁÂ݂͌Jꂽ̂ŁA
     pX[ĥ悤ɔrIȂ (ĊȒPɕς)Ŕ閧
     邱ƁBĂ΁ALO҂`FbN󂯂B
     Bruce Schneier ́A̐؂GWjAȂ΁AuZLeBɊ
     邷ׂẴR[h̓I[vE\[Xł邱Ƃ咣vɈ
     ȂƂĂB܂邱ƂŁALO҂烌r[
     AŖƂȂC邱ƂؖĂ
     B[Schneier 1999]

  o  SɒsƁBׂẴANZX`FbNȂ΂Ȃ
     B`FbN邵݂́AꂪjȂƂɒuƁBƂ
     ΁ANCAg-T[o[Efł΁AT[o[łׂẴAN
     ZX`FbNKvB̓[UANCAgV
     쐬Â̂C邱Ƃ\Ȃ߂ł

  o  p[~bVp邱ƁBftHgł̓T[rXۂ邱

  o  WȂBΏۂւ̃ANZXɓāAzIɂ͕̏
     KvB΁AhVXej
     AȃANZX悤ȂƂɂ͂ȂȂ

  o  ʂ݂͂ł邾pȂB݂ʉƁA
     Ȁ̗̒Ŋ댯͂񂾌oHɂȂĂ܂ꂪB
     ĕIɂ_IɂƗ邱

  o  ȒPɎgB[UphȂ悤ɁAȒPɎg悤ɂ
     邱

  2.3.  Types of Secure Programs

  S͑ɓnvO(̃hLgŒ`Ă)ɋ߂
  Ă܂B\IȂ̂Ă݂܂B

  o  [gɂf[^邽߂̃AvP[VBr[A[([h
     vZbTt@CtH[}bg邽߂̃r[A[Ȃ)ƂĎg
     vOł́AꂽƂɂMłȂ[Uf[^
     𑗂悤ɗvP[X(̂悤ȗv Web uEU
     IɍsĂꍇ)BMłȂ[U̓͂ɂāA
     Cӂ̃vO𓮂悤ȃAvP[V͌ċׂ
     ͂ȂB}N(f[^\鎞ɓ)T|[g邱
     AʓIɂ悢Ƃ͂ȂBɃT|[gȂ΂ȂȂꍇ
     ASȃTh{bNX(GŊԈႢN)pӂKv
     BGobt@I[o[t[̂悤Ȗ́A\ɒӂK
     vłBobt@I[o[t[NƁAMłȂ[U
     r[A[oRŔCӂ̃vO𓮂ƂĂ܂ꂪ
     

     󒐁FTh{bNX(sandbox)Ƃ́Atŕی삳ꂽ[
     B̗̈œAvP[V́AVXeɃ_[W^Ȃ
     悤ɐ݌vA삵܂B

  o  VXeǗ(root)gpAvP[VEvOB̂
     ȃvOł́AVXeǗ҈ȊOύXłMĂ
     Ȃ

  o  [J̃T[o[(f[ƌĂ΂Ă)

  o  lbg[NT[rXsT[o[(lbg[NEf[ƌĂ΂
     Ƃ)

  o  CGI XNvgB CGI XNvǵAlbg[NT[rXsT[o
     [ƂĂ͓ȗɓB悭gpĂ̂ŁAƗ
     ƂĈƂɂB Web T[o[ CGI XNvg𓮂B
     U̓̂̂ Web T[o[tB^O邪ACGI X
     NvgőΏȂ΂ȂȂU

  o  setuid/setgid ꂽvOB̃vÓÃ}V
     gĂ郆[UsBsƂ̃vÕI[i[
     I[i[̏O[v̌^BlXȗRŁAS
     炷Ƃ͔ɂȃvOłBƂ̂A
     ͂̑啔͐MłȂ[UĂAɂ͒N͂̂
     킩Ȃ̂

  ̃hLgł́AL̈قȂނ̃vO̖_؍
  ܂Ƃ߂Ă܂܂B̂̌_́AwEꂽ̒ɂׂ͂Ă
  ނ̃vOɓĂ͂܂Ƃ͌Ȃ̂܂܂ĂƂƂ
  B setuid/setgid ꂽvÓA\złȂ悤ȓ͂
  邽߁AKChĈ setuid/setgid ꂽvO
  Ă͂܂܂Bۂ͂ȂɊ؂̂ł͂܂
  BƂ̂ÃvO͂̔eɂ܂Ă邩
  ł(Ƃ΁A CGI XNvg setuid/setgid Ă邩Ȃ
  Asetuid/setgid ƓlȌʂo悤ɐݒ肳Ă邩܂
  )BvO̎ނׂĂ܂Ƃ߂čl邱Ƃ̒́AvO
  ނԈႦ肷邱ƂȂׂĂ̖ł_ɂ܂B
  猩ĂƂɂȂ܂Ȃ͈SKvƂȂvO
  ׂĂɓĂ͂܂܂B

  ̃hLǵAC ŏꂽvOɑXɂ܂
  A C++ APerlAPythonAAda95AJava ȂǂɂĂ͐GĂ
  B C  SȃvO Linux Ŏ̂ɍł|s[
  Ȍꂾł(CGI XNvg͗OłBPerl 悭gĂ
  )B̌łĂA̎ C ōsĂꍇقƂǂłB
  ƂāAC SȃvO߂́uŗǂ́vł
  ł͂܂BŏqׂĂ錴̑́AgpĂv
  O~Oɂ炸Kpł܂B

  2.4.  Paranoia is a Virtue

  ܂S߂vOɓĂȓ_́A̒
  _ʂ̃vOƈႤƂłBȒPɂƁA^[A
  KvƂƂłBƂ̂AG[(ׂƂoO
  ƂĂ΂Ă܂)ɁAVXeɗ^eʂ̃vO
  Ƃ͂܂ႤłB

  S߂Ȃʂ̃vÓAG[Ă܂B
  񂱂̃G[͍D܂Ȃ̂łAĂ͂قƂǋN
  Ȃ̂ANƂĂɂ܂ȃP[X肵܂B
  ɋNƂĂA[U͋Rɏo킵Ă܂͂ŁÃoO
  ƂȂ痘p悤ƂƎv܂B

  S߂vOł́Ȁ󋵂ς܂BƂ郆[U
  ́AӐ}IɃoO{oāA{ɂ܂ɂNȂ󋵂o
  ܂BčU邱ƂɂĕsȌ𓾂悤Ƃ܂B܂A
  SȃvÔɓẮA^[A
  ɂȂ̂łB

  2.5.  Sources of Design and Implementation Guidelines

  S߂vO(͊̃vÕZ
  LeB̖_邽)ɁAlXȃhLgĂ
  ܂B̃hLǵAꂩ炱̃hLgŖ炩ɂĂ
  KChC̍ɂȂĂ܂B

  ėpIȃT[o[ setuid/setgid ꂽvOΏۂɁA̖
  ɗhLg܂(ɂ͎QlȂƌ邱
  Ȃ̂܂)B AUSCERT(I[XgÃRs[^ً}΍
  `[)̓vO~OɓẴ`FbNXg [AUSCERT 1996] 
  JĂ܂B̃`FbNXg suid ꂽvOlbg[N
  ֘ÃvOɈSɂ邩ɂĘ_ [Garfinkel 1996] 
  22 ͂̕x[XɂĂ܂B Matt Bishop [1996, 1997] ł̃g
  sbNɊ֘AāAɗLvȃhLg𔭕\Ă܂B Galvin
  [1998a] ł́ASKvƂĂvO̊Ĵ߂̃Vv
  JvZXƃ`FbNXgɂċLqĂ܂B Galvin
  [1998b] Ń`FbNXg̃Abvf[gsĂ܂B Sitaker [1999]
  ł́uLinux security auditv(Linux ZLeBč)`[
  ɊւẴXg񎦂Ă܂B Shostack [1999] ł̓ZLeB
  dvR[hr[ꍇ̃`FbNXgLƂ͕ʂɒ
  Ă܂B The Secure Unix Programming FAQ ɗeł [Al-
  Herbish 1999]B Ranum [1998] Lvȏ񂪂܂B
  Ă邱Ƃ̒ɂ́AӂKvȂ̂܂BƂ
  Anonymous [unknown] ł́AʏłN肤댯ȋԂN蓾
  ̂ƂāAaccess(3)̎gp𐄏Ă܂B Wood [1985] ̒
  uSecurity for Programmersv͖̏͂ɗ܂AXÂeɂȂ
  ܂܂B Bellovin [1994]  FreeBSD [1999] ɂɗKCh
  C܂B

  Web Ƃ̃C^[tF[XƂȂ CGI(Common Gateway Interface)ɂ
  ́AvO~OۂɕKvɂȂZLeB̃KChC
  hLg܂BGundavaram [unknown]AKim
  [1996]APhillips [1995]A Stein [1999]AWebber [1999] Ȃǂ
  B

  ʂ̊ϓ_(܂uVXeNbNɂ́v)炱̖h
  Lg񂠂܂BƂ McClure [1999] ɂ
  BC^[lbg̗_𐶂āAɂ؂Ȃقǂ̎
  Ă܂B

  ̃hLǵALvɈႢȂƎfKChC܂Ƃ߂
  B̂߁Al邷ׂĂԗ̂ł͂܂Bg
  ҏW(܂ɃXgꂼꂪƎ̍\Ă܂) ł
  A Linux ŗL̃KChC(Ƃ΃PCpreBɂĂ fsuid
  ̒l)ɂĂlłBLׂẴhLg𐥔QƂĂ
  B

  󒐁FPCpreBƂ́AIy[eBOVXen[hEFA
  (CPU)AZLeBANZXERg[邵݁B
  fsuid Ƃ́At@CVXe`FbNꍇɎgp郆[U[ʋ@
  \B

  ul̃hLgp邾łȂAŃhLg
  ͂ȂłHvƂ^ɂȂ܂BR͂
  ܂B

  o  ̑ɕUĂ܂ĂBdvȏ́A
     1 ̃hLgƂĂ܂Ƃ߂Ăƕ֗

  o  ɂ́AvO}̂߂ł͂ȂAVXeǗ҂ʃ[U
     ꂽhLg

  o  Linux Ɋ֌WȂhLgBƂ setuid ꂽVFX
     Nvgɑ΂Ă̒ӓ_Ă`FbNXgB
     Linux ł͕ʂ̂悤ȃXNvgsłȂ̂ŁAӂȂ
     KvȂ

  o  ǂ̃VXe(UNIX CNȃVXeׂ)łKpł鍀ڂ
     ĂꍇB|[^reBdȂ΁ALinux ŗL̋@
     \gpȂƂԁBŗL̋@\gƂŁAZL
     eBmۂł̂܂łB Linux ȊÕIy[eBOV
     XeƂ̃|[^reBKvłĂA Linux ŗL̋@\g
     ƂIƂĎcĂ

  o  ̃Av[`̂́A Linux sĂ킯ł͂ȂB
     ̃Iy[eBOVXeAƂ FreeBSD łZLeB
     邽߂̓Ǝ̃vO~OEKChpӂĂ

  2.6.  Document Conventions

  VXeɂ}jA(man)̃y[W͖(ԍ)̌`ŎQƂ܂B
  ԍ́A}jÃZNVԍ\Ă܂B C  C++ 
  u\0v(ASCII  0)ʈ̂ŁÃhLgł́uNILvƕ\
  L܂BuǂwĂȂv|C^ĺAuNULLvƕ\L܂BC
  RpC͒ʏA 0  NULL ƂĈ܂ANULL ׂĂ
  rbg 0 Ƃɂ悤ɂ C ̋KiK肵Ă킯ł͂
  ܂B

  3.  Summary of Linux Security Features

  Linux ̃ZLeB@\ɂẴKChCOɁAvO
  }̊ϓ_ł̋@\𗝉Ă܂傤B̃ZNVł͂
  ̋@\ɂĊTς܂BłɗĂꍇ͓ǂݔ΂Ă
  B

  vO~OEKCh̑́ALinux ̃ZLeB֘A̍ڂy
  ܂Ă܂A؂ȏȂĂ܂Ă܂BɁuǂĎgp
  ̂v܂ŐꍇA̋@\gp邱Ƃɂ
  ĐZLeB̖ɂẮAׂ̐ɂsĂ܂
  BtɌX̋@\ɂẮA}jÅYy[Wɏڍׂȏ
  񏑂Ă܂BA}jAy[W̋Lq͏ڍׂđS
  ̔cɂłB̃ZNVł́ÃMbv𖄂߂悤
  Ǝv܂BvO}g Linux ɂZLeB̂
  Tς܂BʓIȃvO~OEKCh[ZL
  eBɊւ鎖ɏœ_𓖂āAɏڍׂȏ񂪓悤AQl
  Ǝv܂B UNIX ŃvO~OꂽXɂƂẮA
  łɂȂ݂̂ƂłA Linux Ŋgꂽ@\ŗL̋@\
  ܂B̋@\ɂт肷邩܂B̃ZNVł͂
  ̑_𖾂炩ɂĂ܂B

  ܂͊{IȂƂ납B{ Linux Ƃ 2 ̕琬藧Ă
  āAꂼ Linux J[l (yуJ[lEW[)Ɓu[U[
  ԁvƌĂ΂Ă܂B[UԂ̓J[lɂAŗlXȃvO
  Ă܂B[UOCƁA[U͂̃[U
  Ă uid([U ID) gid(O[v ID)\lɊ蓖Ă
  B uid  0 ̃[U͓ʂȌ()ĂāAurootvƌ
  Ă܂B root ̓ZLeBE`FbNقƂǎ󂯂邱ƂȂAV
  XeǗsꍇɎgp郆[UłBZLeB猩ėB
  uΏہvƂȂ́AꂪvZXł(܂A낢ȂƂs
  Ă鐳̂́AvZX̂̂Ȃ̂ł)BvZX͗lXȃf[^ɃAN
  ZX܂B̓t@CVXe(FSO)łASystem V ̃vZX
  ԒʐM(IPC)łAlbg[NE|[gł肵܂B
  ̓_ɂāAڂĂƂɂ܂傤B

  3.1.  Processes

  Linux ł̓[UExł̓vZX𓮂ƂŎĂ
  BƗuXbhvT|[gVXêłALinux 
  ̓Xbhꂼ𕡐̃vZXƂđ点ĎĂ悤
  (Linux J[l͍œK͂邱ƂɂāAXbh̎sx
  ҂ł܂)B

  󒐁FLinux ̃Xbh̓[UExł͂ȂAJ[lEx̃X
  bhŁAJ[lXbh̐sĂ܂Bfork() Ɠqv
  ZXN܂AReLXg̉evZXƋLł邩w
  ł܂B

  3.1.1.  Process Attributes

  ꂼ̃vZX́Â悤ȃZLeB֘ȂĂ܂B

  o  ruidArgid - [U ID  O[v ID̂ƂŁAvZXۂ
     点Ă郆[U\

  o  euidAegid - [U ID  O[v ID̂ƂŁÃ`Fb
     N̂߂ɗp(t@CVXe͏)

  o  fsuidAfsgid - t@CVXeւ̃ANZX`FbN邽߂
     pBʏ euidAegid ƓB̑ Linux Ǝł

  o  suidAsgid - ۑ[U ID  ۑO[v IDBp[~bVuI
     v́uItvɂꍇɎgpBڂ͌q

  o  groups - [UĂO[v(GID)̃Xg

  o  umask - Vt@CfBNgꍇɁÃftHg
     ANZXݒ肷̂ɎgprbglBumask(2)QƂ̂

  o  XPW[Oݒ肷p^ - vZX͂ꂼ̃XPW[
     OjɂƂÂēĂAftHg̕j SCHED_OTHER 
     B SCHED_OTHER ̓p^Ƃ nice lADx(priority)ƃJE
     ^ĂBڍׂ sched_setscheduler(2)QƂ̂

     󒐁FŏqׂĂuJE^vƂ́AvZX̎sv
     邽߂ɗpJE^Ӗ܂B

  o  PCpreB - POSIX Œ`ĂPCpreBBZL
     eB֘A̋@\ƂāAApA 3 ނ̋@\Bڂ
     ͉LQƂ̂

  o  limit - vZXPʂɂ̃vZXgpł郊\[X𐧌
     (LQ)

  o  t@CVXẽ[g̈ʒu - vZX猩[gEt@CV
     XëʒuBchroot(2)QƂ̂

  o

  ƃvZXۂǂ̂悤Ɋ֘AĂ̂m肽΁ALinux 
  \[XER[hQƂĂBinclude/linux/sched.h Œ`Ă
  \̂ task_struct L[|CgłB

  3.1.2.  POSIX Capabilities

  Linux J[l 2.2 ̋@\ƂāuPOSIX PCpreBvT|[g
  Ă܂B POSIX ̃PCpreB́Aʏ root Ă錠
  ɕāAƎɌ̑̌nč\Ă܂B POSIX PCpr
  eB́AIEEE(čdCdqʐMw)W̃htgŒ`Ă܂B
   Linux ŗL̋@\ł͂܂񂪁A UNIX CNȃVXe
  ōL̗pĂ킯ł͂܂B Linux ̃hLg(̃h
  Lg܂)̒ŁAuroot ̌KvłvƏĂ
  AuPCpreBKvłvƂقړӖɂȂAƃPCpr
  eBɂẴhLgɏqׂĂ܂BX̃PCpreBɂ
  Ēm肽ꍇ́AL̃PCpreBɊւhLgǂł
  B

  t@CVXeɂet@CɃPCpreBKp邱Ƃ
  ŏIIȖڕWȂ̂łÃhLgĂ鎞_ł͂܂T|[
  gĂ܂B]@\ɑ΂PCpreB̓T|[gĂ܂
  AftHgł͖ɂȂĂ܂BJ[l 2.2.11 ł̓PCpr
  eBXɐg߂Ɏg₷邵݂łuPCpreBEoEfB
  OEZbg(capability bounding set)v܂B̂
  ݂́AVXeŉғĂ邷ׂẴvZXpłPCpr
  eB̃Xgpӂ܂(ʂ init vZXpłPCpr
  eB܂)BPCpreBXgɂȂꍇAǂ
  Aǂ̃vZX̃PCpreB𗘗pł܂B̋@\g
  ĂƂāAJ[lW[̓ǂݍ݂𖳌ɂꍇ
  ܂B܂܂̋@\pĂc[ƂāA
  <http://pweb.netcom.com/~spoon/lcap/> ɂ LCAP ܂B

  󒐁FLCAP ́AJ[lT|[gĂPCpreB𖳌ɂ邱
  ƂɂāAVXeSɂ邵݂łB

  POSIX PCpreB̏ڍׂɂẮA
  <ftp://linux.kernel.org/pub/linux/libs/security/linux-privs> QƂ
  ĂB

  󒐁FL ftp T[o[ anonymous [U̗pF߂Ă܂B
  <ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs> 𗘗p
  B

  3.1.3.  Process Creation and Manipulation

  vZX fork(2) vfork(2)(gpȂ
  )Aclone(2)(Linux Ǝ) gč쐬܂B̃VXeR[
  ׂẮÃvZXRs[āA2 ̃vZX𐶐܂BvZ
  X execve(2)₻̃tgGhR[āAʁX̃vOs
  ł܂(tgGhƂāAexec(3)Asystem(3)Apopen(3)QƂ
  )B

  vOs鎞Ƀt@C setuid rbgĂƁA
  ̃vZX euid ɂ̓t@C uid ݒ肳܂B setgid 
   egid Ƀt@C gid ݒ肳܂B Linux ł́AVFXN
  vĝ悤ȃXNvgSʂɑ΂āÂ悤ȃrbg̐ݒ͂Ȃ
  ƂYȂłB̂悤ȂƂXNvgŐݒłĂ܂
  ƁAZLeBɊ댯ȂƂɂȂ邩ł(UNIX CNȃVXe
  ̒ɂ setuid ĂXNvĝ܂)BOƂ
  āA Perl ͓ʂȐݒقǂƁAsetuid Ă Perl XNvg
  sł悤ɂȂ܂B

  ꍇɂāAvZX͂ uid  gid ̒lύXł܂B
  setuid(2)Aseteuid(2)Asetreuid(2)Asetfsuid(2)QƂĂB
   suid ̏ꍇ́AMłvOꎞIɂ uid lύXł
  ܂B ruid ̕ύX euid  ruid ƈقȂlɂꍇ suid 
  ͐V euid ̒lݒ肳܂BȂ[ÚA suid
  玩 euid Aruid  euid A euid  ruid ݒł
  B

  fsuid vZX́ANFS T[ô悤ȃvǑAw肳ꂽ
   UID ̃t@CVXeɐł悤ɂ邽߂̂
  łB̍ہA UID ɂ̓vZXփVOi𑗂鋖͗^܂
  B euid ύX fsuid ͐V euid ̒lɕύX܂Bfsuid
   setfsuid(2)Ƃ Linux ŗL̃VXeR[gĐݒ肷邱Ƃ
  ł܂B root ȊOĂяoꂽꍇ́Afsuid ɂ݂͌ ruid
  lAeuid lAseuid lA邢݂͌ fsuid lݒł܂B

  3.2.  Filesystem

  t@CVXe̍\vf(FSO)́Aʏ̃t@CAfBNgAV
  {bNNAOtpCv(FIFO)A\PbgALN^XyV
  (foCX) t@CAubNXyV(foCX)t@C
  (find(1)R}hɂ̈ꗗ܂)B̓t@CVXe
  Đ䂳At@CVXe\fBNgŃ}Eg^A
  }Egėp܂Bt@CVXeǵA\vfƂ͑
  قȂANZX̑ĂāA}EgɃIvVݒ肷
  邱ƂɂāAANZX邱Ƃ\łB

  3.2.1.  Filesystem Object Attributes

  ̂Ƃ Linux ł ext2 łʓIȃt@CVXełBt@C
  VXe̍\vfĂ鑮͉L̒ʂłB

  o  L uid  gid - gāA\vf́uLҁvʂłB
     ʂȐݒȂ΁AʏL҂ root ANZX
     Ɋւ鑮ύXł

  o  [U(L)AO[vȊOɁAǂݍ݁^݁^š
     \rbgBʏ̃t@C̏ꍇ́Aǂ݁^^sƂ
     ʂ̈ӖBfBNg̏ꍇ́Auǂݍ݁vp[~b
     V͂̃fBNg̒邱ƈӖAusvp[~b
     V́Aʖuvp[~bVƂAۂɂ̃fBN
     gɓāAɂ̂gp邱ƂłBu݁vp
     [~bV͂̃fBNgŃt@C̒ǉA폜AύXł
     Bǉꍇ́ALɐ sticky rbg
     Ă邱ƁBV{bNÑp[~bV͈ӖȂƂ
     ӂ邱ƁBӖ̂́AV{bNN܂ރfBNg
     ƃÑt@C̒lł

  o  usticky rbgv - fBNgɐݒ肳ƁA폜ړ rootA
     t@C̏LҁA̓fBNg̏L҂sȂȂB
      UNIX ʂŗpĂg@\Ȃ̃Iy[eB
     OVXeł͈ʓIł͂ȂB sticky rbǵAʏ̃t@Cɑ
     Ẳ͉e^ȂB܂ʃ[Ułݒ肪łBÂo[
     W UNIX ł́usave program textvrbgƌĂ΂Aɏ풓
     (XbvAEgȂ)s`t@Cł邱ƂĂ
     A Linux zǗɂāAĂ܂

  o  setuidAsetgid - s`t@Cɐݒ肳ƁA uid  gid 
     ̃t@C̏L ID  gid ݒ肳(eXƗ)B̋@\
     ׂĂ UNIX CNȃVXeT|[gĂB setgid fB
     Ngɐݒ肳ƁÃfBNgɍ쐬t@C͎I
     ɂ̃fBNg gid lɐݒ肵B setgid s܂
     Ȃt@Cɐݒ肳ƁÃt@CANZXĂ
     鎞ɁAbN(mandatory locking)̃t@Cɂ邱Ƃ
     (A}EgĂt@CVXebNT|[g
     Ă)Bׂ݂͕̂ɏdAUNIX CNȃVXeōL
     ̗pĂ͂Ȃ
     󒐁Ft@C̃bN@\ɂ́AbN(mandatory locking)ƃAh
     oCUEbN(advisory locking)܂BႢ́AO҂J[l
     vZXĎbNŝŁAvZXԂ̈ˑ֌Wz
     ăbN\łBɑ΂Č҂́AvZXgbN
     ŝŁÃvZX̐Ô̂ɑ΂Ă̓bNƂȂ
     ܂Bڂ́AJ[lt̃hLg mandatory.txt
     <file:///usr/src/linux/Documentation/mandatory.txt> QƂĂ
     B

  o  ^CX^v - t@CVXe̍\vfɂ́AANZXԂ
     ͏CԂۑĂBL҂͎Rɂ
     ̒lύXł̂(touch(1)Q)ȀՂɐMȂ
     ƁB݂̂́AׂĂ UNIX CÑVXeŃT|[gĂ
     

  o  ύXs(immutable)rbg - t@CVXe̍\vfɑ΂Ă
     ȂύXF߂ȂB́Aroot ݒƉłB̂
     ݂́Aext2 t@CVXeT|[gĂAׂĂ UNIX V
     Xe(ꍇɂĂ Linux VXeł)ŗpł킯ł͂Ȃ

  o  ǉ(append-only bit)rbg - t@CVXeւ̒ǉ
     B́Aroot ݒƉłB݂̂́Aext2
     t@CVXeT|[gĂAׂĂ UNIX VXe(ꍇ
     ɂĂ Linux VXeł)ŗpł킯ł͂Ȃ

  L̒l̑́A}EgɓKp܂BāArbgl
  łɒl(}̏̒lł)Ă̂悤Ɉꍇ
  ܂BڂƂ mount(1)QƂĂBt@CVXe
  ͂̃ANZXl̂T|[gĂȂꍇ܂
  ŁAǂ悤ł mount(1)āAt@CVXeT|[g
  Ă̂mFĂB

  ANZX䃊Xg(ACLAaccess control list) POSIX PCpreB
  lt@CVXe֎ƂĂ܂AW Linux
  2.2 ɂ͂܂Ă܂B

  󒐁FACL ͏]̏LҁAO[vɂt@Cւ̃ANZX@
  ɂčXɍׂȐ\Ƃ邵݂łBlbg[ÑT[o
  [ɑ΂ANZXɂĂ̗pꂪgpĂ܂ (RFC
  1983)B

  3.2.2.  Creation Time Initial Values

  쐬鎞ɂ͎̃[Kp܂Bt@CVXe̍\v
  f(FSO)(Ƃ creat(2)g)A FSO  uid ̓vZX
   fsuid ɐݒ肳܂BʁAFSO  gid ̓vZX fsuid ݒ肳
  ܂AfBNg setgid rbgĂAt@CVXe
  ́ugrpidvݒ肵Ă肷 FSO  gid ɂ́AfBNg
  gid ݒ肳܂B̓ȃP[X𗘗p邱ƂɂāA
  uvWFNgv̂߂̃fBNg邱Ƃł܂BuvWFN
  gpṽfBNgɂ͎̂悤ɂ܂B܂vWFNgpɐ
  p̃O[v܂Bꂩ炻̃O[vL҂łvWFNg
  p̃fBNg쐬Asetgid ܂BƁAt@C
  ̃fBNgɒuƁAIɂ̃vWFNgL҂ƂȂ܂B
  lɁAVTufBNg setgid rbg𗧂ĂfBNg̔z
  ɍ쐬(t@CVXe grpid ݒ肳ĂȂ)AV
  fBNg setgid rbgĂ܂(ăvWFNg̃T
  ufBNǵAuҒʂ̐v܂B̑̃P[X́A
  Vt@C setgid ͂Ă܂B{ƂȂ FSO ̃ANZ
  X(ǂݍ݁A݁As)́A(vꂽl umask l &(rb
  g]) ~(_))ċ߂܂Bt@CVKɍ쐬ꂽԂ
  ́A sticky rbg setuid rbgNAĂ܂B

  3.2.3.  Changing Access Control Attributes

  ANZX̑̑啔́Achmod(2) chmod(1)Őݒł܂
  Achown(1)A chgrp(1)Achattr(1)QƂĂB

  ӂė~Ƃ܂B Linux ł root t@C
  L҂ύX邱ƂłƂƂłB UNIX CNȃVXe̒
  ɂ́Aʃ[UL҂̕ύXŝ܂A͖
  N܂BƂ΃fBXNgpʂ𐧌悤ƂƂ܂B
  Aʃ[UɏL҂̕ύXĂƁA[U̒N̑傫
  t@C𑼐l̏LɕύXāA̐luQҁvɂĂĂ܂
  B

  3.2.4.  Using Access Control Attributes

  Linux  UNIX CNȃVXêقƂǂŁAǂݍ݂⏑݂̑
  l̓t@CI[vꂽɂ`FbN܂Bǂݏx
  `FbN킯ł͂܂BVXeER[̑命A
  𗘗pĂ܂BƂ̂At@CVXeƂ̂ Linux
  ̒ȂĂ邩łB̃VXeER[
  ́Aopen(2)Acreat(2)Alink(2)Aunlink(2)A rename(2)A
  mknod(2)Asymlink(2)Asocket(2)܂B

  3.2.5.  Filesystem Hierarchy

  N̊ŁAũt@C͂ǂɒuvƂ񑩎łĂ܂B
  ܂āAfBNgKw̒ɏi[ĂBTɂ
  ẮAhier(5)QƂĂBɏڂm肽
  ΁AFilesystem Hierarchy Standard (FHS) <http://www.pathname.com/fhs>
  ĂBFHS ͏] Filesystem Structure standard (FSSTND)
  Vɏ̂łB

  3.3.  System V IPC

  Linux  System V R IPC łAbZ[WEL[AZ}tHA
  LT|[gĂ܂Bꂼ̃T[rX́AL̑
  ܂B

  o  쐬҂쐬҂O[vAȊO̎҂̓ǂݏ̃p[~b
     V

  o  쐬 uid  gid - IPC IuWFNg쐬҂ uid  gid

  o  L uid  gid - IPC IuWFNgL҂ uid  gid(Ԃ
      IPC IuWFNg쐬҂ uid Ɠ)

  L̃[ɂƂÂ IPC IuWFNgANZX܂B

  o  vZX root ̌Ă΁AANZX

  o  vZX euid L҂͍쐬҂ uid ƓȂ΁A쐬҂
     p[~bVāAȂ΃ANZX

  o  vZX euid L҂͍쐬҂ gid ƓA̓vZ
     X̑O[v̒ɏL҂͍쐬҂ gid Ɠ̂
     ΁A쐬҂̃p[~bVāAȂ΃ANZX

  o  ̑̏ꍇ́ȗ̃[Uṽp[~bV`FbN

  root  L҂쐬҂ euid vZX́AL҂ uid 
  gid ݒłA܂폜\ł邱ƂYȂłBڂ
  ipc(5)QƂĂB

  3.4.  Sockets and Network Connections

  \PbǵA`iƂēɃlbg[Nz̒ʐMɎgp
  Ă܂B socket(2)͏`邽߂̐ڑ|Cg쐬A\
  킷fBXNv^Ԃ܂BɏڂƂ́Asocket(2)₻
  ݂ɎQƂł֘AĂB Linux ̏ꍇATCP  UDP 
  1024 ȉ̃[Jȃ|[gɐڑɂ́Aroot ̌Kvł邱
  oĂĂB ([gɂ 1024 ȉ̃|[gւ̐ڑɂ
  ẮAʂȌ͕Kv܂)B

  3.5.  Quotas and Limits

  Linux ɂ́At@CVXe̊蓖Đ(quota)ƃvZX̃\[X
  sȂ@\܂B̋@\ɂ́Aun[hȐv(hard
  limit)Ɓu\tgȐv(soft limit)̈ӖAӖقȂ
  ̂ŁAӂKvłB

  Lu(t@CVXe)̊蓖Đ́A}Eg|Cgɐݒ肪
  \ŁÃ[UO[vŎgpłubNt@C
  (inode)ɐ܂Bun[hȁv̂z邱Ƃ
  łȂ̂ɑ΂āAu\tgȁv͈̂ꎞIɐz邱Ƃ
  Ă܂B quota(1)Aquotactl(2)Aquotaon(8)QƂĂB

  rlimit ́AvZXɑ΂鐔X̊蓖Đ邵݂ŁAt@
  CTCYAqvZXAI[vłt@CȂǂ܂Bu\
  tgȁv(̐(current limit)Ƃ)Ɓun[hȐv (
  (upper limit)Ƃ)܂B\tgȐ𒴂邱Ƃ͌Ă
  ܂񂪁AVXeR[ɂăn[hȐ̏܂ł邱Ƃ
  ܂B getrlimit()Asetrlimit()Agetrusage()QƂĂB

  3.6.  Audit

  ݂ƂʓIȁučv݂̂́Asyslogd(8)łB
  wtmp(5)Autmp(5)Alastlog(8)Aacct(2)QƂ邱Ƃ߂܂BT
  [o[EvO(Apache Web T[o[̂悤Ȃ)̒ɂ́AƎɍ
  Ղč邵݂Ă̂܂B

  3.7.  PAM

  F؂KvȎ Linux VXȇ啔 Pluggable Authentication
  Modules (PAM: ւ\ȔF؃W[)gp܂B݂̂
  gƁAFؕ@̍\ύXł悤ɂȂ܂(Ƃ΃pX[h
  X}[gJ[h̎gp)B PAM ɂẮAłɘ_܂B

  󒐁FX}[gJ[h(smart card)Ƃ́AvXeBbÑJ[h IC 
  Ȃǂ̃`bvڂJ[hw܂B{ł IC J[hƌĂԃP
  [X悤łB]̎CJ[hƔׂƁA葽̏i[
  邾ł͂ȂAvOCXg[Ďs邱Ƃ\ł
  _傫قȂ܂B

  4.  Validate All Input

  ͂ɂ́AMłȂ[Û̂܂BŁAgpO
  (I)Kv܂B܂`āA
  `Ƀ}b`Ȃׂ̂Ăۂ悤ɂȂ΂܂B
  t̒`̂Ă͂܂(s`Aۂ
  )BȂȂAdvȃP[X̒`YĂ܂Ȃ
  łB񒷂̍ől𐧌Ă(KvȂŏl)B
  āA𒴂Ă܂ꍇłVXe\ȂƂm߂Ă
   (L̃obt@I[o[t[̃ZNVłڂqׂ
  ̂ŁAĂ)B

  ̏ꍇ́ÃVXeɂƂĐLN^Ɛp^[
  (ƂΐK\Ȃ) 𖾂炩ɂĂǍ`ɍȂ̂
  ׂĂۂ悤ɂĂBɃRg[LN^(
  s NIL)VF̃^LN^܂܂ĂꍇAʂ̕
  ͋N蓾Ȃ肪܂B邽߂ɁÂ悤ȃ^L
  N^͂ꂽ炷ɁuGXP[vvāAԈăvOɑ
  邱ƂȂ悤ɂ̂ԂłB CERT ͂̍lɐi
  āAGXP[vKvȂLN^̈ꗗɍڂĂȂׂ̂Ă
  GXP[v邱Ƃ𐄏Ă܂ [CERT 1998, CMU 1998]Bڍׂɂ
  ́AĹulłĂяoƁvQƂĂB

  ׂĂɑ΂āAełŏl(Ă̓[)ƍől݂
  傤Bt@C̓`FbNȂ΂܂BʓIɁu..v(
  fBNg)𐳂lƌȂĂ͂܂Bt@C\킷ꍇ
  ɂ́AfBNg̕ύXƂȂ铮ǂȏꍇł֎~邱ƂԂ
  BƂ΁Au/v𐳂LN^̒ԂɓĂ͂܂Bdq
  [̃AhXSɃ`FbN邱Ƃ́AIɂƂĂłB
  ̂AׂẴP[X^ʖڂɃT|[g悤ƂƁAAhX̒
  ɂ͐`ł͂̂́AɕGȌ؂KvƂ݂̂
  邩łB̂悤ȃ`FbNKvȂAڍׂ mailaddr(7)
  IETF RFC 822 [RFC 822] ĂB

  󒐁F IETF́AInternet Engineering Task Force ̗̂ŁAC^[lb
  gɊ֘AZp̕Wi߂邽߂ɐݗꂽĉłBs
  镶 RFC(Requests For Comment)łB

  ̃eXg 1 ӏŏWčsȂ悤ɂĂB
  ł̃eXgɊԈႢȂ̒ȒPɍς܂܂B

  ͂`FbNeXgA{ɗ\肵ʂɓ삷邩mF
  ĂBʂ̃vOg(t@Cdq[Ah
  XAURL )`FbNꍇɂ͓ɏdvłB̃vÓA
  ƂȊԈႢĂ邱ƂAu㗝lv(f
  [^ۂɎgpvOƃ`FbNvȎO
  ȂĂP[X)łB

  L̃TuZNVł́AvOɑ΂lXȓ͂ɂĘ_
  B̓͂ɂ͊ϐ umask lȂǁAvZXĂԂ
  ޓ_ɒӂĂBKׂĂ̓͂MłȂ[Uɂ
  čsȂĂ킯ł͂܂BӂKv̂͐MłȂ
  [U̓͂łB

  4.1.  Command Line

  vO̒ɂ́A͂̃C^[tF[XƂāAR}hCgp
  ̂܂B̏ꍇAnƂɂē͂Ƃ܂B
  setuid/setgid ꂽvÓAMłȂ[UR}hC
  ɂ͂󂯎ꍇ̂ŁÃvOgőΏKv
  ܂BʓIɃ[ÚAR}hCRɈ܂(execve(3)
  悤ȃVXeR[g)BāAsetuid/setgid ꂽvO
  ́AR}hC̓͂KvAR}hC
   0 ԂɓvOMpĂ͂܂([U NULL 
  ނǂȒlݒł邩ł)B

  4.2.  Environment Variables

  ϐ́AftHgł͐evZXp܂BvO
  瑼̃vOs(exec)ꍇAϐɔCӂ̒lݒ
  ܂B setuid/setgid ꂽvOł́A͊댯ƂȂ
  BƂ̂vOĂяoƂŊϐ̃Rg[\
  ȂAϐ𑼂̃vOɓnĂ܂łBʁAϐ
  pĂ܂߁Å댯ɈpĂ܂܂B

  ϐ́AtB[hɕ̒lݒł`ŋLĂ܂
  (Ƃ SHELL ϐɂ́A2 ̒lݒł)BR}hVF̑\
  IȂ̂́A̐ݒ肪łȂ悤ɂȂĂ܂ANbJ[́A
  悤ȏ󋵂グ܂B܂肱̃P[XȂ΁AvO 1
  ̒l̓`FbN܂Aۂ͕ʂ̒lgpĂ܂Ƃl
  BɈƂɁACuvO͂Ă̏ꍇϐ
  Đ䂳Ă̂́A̕@܂A킩ɂ
  Aɂ̓hLgĂȂ̂肵܂BƂ
  ΁AIFS ϐ sh  bash ŃR}hC̈𕪊̂Ɏgp
  LN^w肷邽߂ɗpĂ܂BVF͒჌x̃VXe
  R[𗘗pČĂяo邽߁AIFS ϐɈُȒlݒ肷ƁA
  SƎvVXeR[댯Ȃ̂ɕςĂ܂ꂪ
  B

  setuid/setgid ꂽvOSɂɂ́Aϐ̒
  ()ɕKvƂ̂𒍈ӂ𕥂đIяoAZXg
  Kv܂BĊϐŜ\ϐł environ 
  NULL ݒ肵āAϐŜ폜ǍɕKvƂȂŏ̈S
  ȒlĐݒ肵Ă ([U̐ݒl͎gpuȂv)B
  ɂ́APATH(vÔ肩fBNg̃XgłB
  ɃJgEfBNgẮu܂v)AIFS(ftHg
  ́u\t\nvł)ATZ(^C][)܂B
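The section above names environ, PATH, IFS and TZ. As an added example (my code, not the HOWTO's), here is one way to rebuild the environment from scratch in C: everything inherited is dropped, PATH and IFS are set to fixed program-chosen values, and TZ is re-admitted only if it passes a character whitelist. The fixed PATH value and the TZ character set are assumptions of this example.

```c
/* Added example: rebuild the environment from nothing, keeping only PATH,
 * IFS and (when harmless) TZ.  Not code from the HOWTO. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Values the program chooses itself; nothing inherited is reused. */
static char *fixed_env[] = {
    "PATH=/bin:/usr/bin",   /* no "." and no user-writable directories (assumed) */
    "IFS= \t\n",            /* the documented default word separators */
};

static char tz_entry[80];
static char *new_envp[4];   /* 2 fixed entries + optional TZ + NULL */

/* TZ is re-admitted only when it looks like a plain zone name; this
 * character set is the example's assumption, not a standard. */
int tz_is_plain(const char *tz)
{
    size_t n = strlen(tz);
    if (n == 0 || n > 64) return 0;
    return strspn(tz, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                      "0123456789/_+-:,.") == n;
}

/* Replace the process environment wholesale.  Returns the number of
 * variables present afterwards (2, or 3 when TZ was kept). */
int sanitize_environment(void)
{
    const char *old_tz = getenv("TZ");
    int n = 0;

    for (size_t i = 0; i < sizeof fixed_env / sizeof fixed_env[0]; i++)
        new_envp[n++] = fixed_env[i];

    if (old_tz != NULL && tz_is_plain(old_tz)) {
        char copy[80];                  /* old_tz may point into tz_entry itself */
        snprintf(copy, sizeof copy, "TZ=%s", old_tz);
        memcpy(tz_entry, copy, sizeof tz_entry);
        new_envp[n++] = tz_entry;
    }
    new_envp[n] = NULL;

    environ = new_envp;                 /* the inherited array is simply abandoned */
    return n;
}

int main(void)
{
    setenv("IFS", ":", 1);              /* a hostile value, for the demonstration */
    setenv("TZ", "Europe/Berlin", 1);
    int kept = sanitize_environment();
    printf("%d variables kept; IFS=[%s] TZ=%s HOME=%s\n", kept,
           getenv("IFS"), getenv("TZ"),
           getenv("HOME") ? getenv("HOME") : "(unset)");
    return 0;
}
```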

  4.3.  File Descriptors

  vOɂ́uI[vt@CEfBXNv^vA܂肠炩
  ߃I[vĂt@Cn܂B setuid/setgid ꂽvO
  ł́A[Ut@CI[vāA𗘗płĂ܂(p
  [~bV̐)ƂƂCɂKv܂B
  setuid/setgid ꂽvOł́AVI[vt@CɌ
  肵t@CEfBXNv^ ID Ɋ蓖ĂĂƑz肵Ă͂
  ܂B܂[ẂAWóAWG[ɂȂĂ邱ƁA
  [łɃI[vĂ邱ƂOɂĂ͂܂B

  4.4.  File Contents

  t@C̓eɂāAvO̓삪EꍇAMł
  郆[U̓eύXł̂łȂ΁Ãt@CMp
  ͂܂B܂AMłȂ[UAt@C₻̃t@C
  fBNgA̐efBNgCłĂ͂܂BłȂ
  ΁Ãt@CMɒlȂ̂ƂĈȂ΂Ȃ܂
  B

  4.5.  CGI Inputs

  CGI ̓͂́Aۂ̂ƂϐW͂ƂĈ܂B
  Ă؂Ȃ΂Ȃ܂B

  CGI ̓͂̑AuURL GR[hꂽv`ɂȂĂ
  _؂ɂĂ܂B܂ 16 i HH ƂoCgl
  \ɂ %HH Ƃ`Ƃ܂B CGI  CGI CúA
  ͂K؂ɃfR[hāAoCglǂ`FbNKv
  ܂B %00 (NIL)  %0A (s)̂悤ȋ^킵l܂ނׂĂ̓
  ԈႢȂȂ΂܂B͂̃fR[h 1 񂾂ɂ
  BłȂƁAu%2500v̂悤ȓ͂ďĂ܂
  (܂ %25 u%vɕϊǍʁu%00vԈ NIL LN
  ^ɕϊĂ܂܂)B

  ͂ɓȃLN^邱ƂŁACGI XNvgUP[X
  ܂܌܂BL̉ĂB

  HTML ̃tH[ɂ́ANCAgŃ`FbN邱ƂŕsȒlr
  ̂܂B̓[UɂƂĂ͗Lv܂񂪁AZ
  LeB͖ӖłBƂ̂AU҂͂̂悤ȁusvȒl
   Web T[o[ɑt邩łB(uMłoHM
  邱ƁṽZNV)܂AT[o[͎󂯎邷ׂĂ
  ͂`FbNKv܂B
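Added example, not from the HOWTO: a C decoder for the %HH encoding discussed above that decodes exactly once, rejects %00 (NIL), %0A and %0D, and is followed by a whitelist check on one field. The second function shows why a second decoding pass is wrong: %2500 becomes the literal text "%00" after one pass and would become a NIL byte after another. The permitted username characters are this example's assumption.

```c
/* Added example: decode CGI %HH (and '+') exactly once, refuse bytes that a
 * later stage must never see, then whitelist the result. */
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* One decoding pass over `in` into `out` (NIL-terminated).  Returns the
 * decoded length, or -1 on a malformed escape, a forbidden decoded byte
 * (NIL, LF, CR) or an output buffer that is too small. */
long cgi_decode_once(const char *in, char *out, size_t outsize)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            /* in[i+1] may be read because in[i] != '\0'; in[i+2] is read
             * only once in[i+1] proved to be a hex digit (so not '\0'). */
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0) return -1;                   /* "%", "%2", "%zz" */
            c = hi * 16 + lo;
            i += 2;
        } else if (c == '+') {
            c = ' ';                                 /* form encoding */
        }
        if (c == '\0' || c == '\n' || c == '\r') return -1; /* %00, %0A, %0D */
        if (o + 1 >= outsize) return -1;             /* keep room for the NIL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (long)o;
}

/* The mistake the text warns about: a second pass re-interprets the literal
 * "%00" that the first pass legitimately produced from "%2500", so the
 * decoder now has to reject input it had just accepted. */
long cgi_decode_twice(const char *in, char *out, size_t outsize)
{
    char once[256];
    if (cgi_decode_once(in, once, sizeof once) < 0) return -1;
    return cgi_decode_once(once, out, outsize);
}

/* Positive check for one field: a username may contain only the characters
 * listed here and be 1..32 bytes long (assumed policy). */
int username_is_valid(const char *s)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.";
    size_t n = strlen(s);
    if (n == 0 || n > 32) return 0;
    return strspn(s, allowed) == n;
}

/* Decode once, then validate; returns 0 and fills `out` only for input that
 * is both well formed and inside the whitelist. */
int parse_username_field(const char *raw, char *out, size_t outsize)
{
    if (cgi_decode_once(raw, out, outsize) < 0) return -1;
    return username_is_valid(out) ? 0 : -1;
}

char cgi_scratch[64];   /* shared output buffer for the demonstration */

int main(void)
{
    printf("%ld [%s]\n", cgi_decode_once("a%20b+c", cgi_scratch, sizeof cgi_scratch), cgi_scratch);
    printf("%ld [%s]\n", cgi_decode_once("%2500", cgi_scratch, sizeof cgi_scratch), cgi_scratch);
    printf("twice: %ld\n", cgi_decode_twice("%2500", cgi_scratch, sizeof cgi_scratch));
    printf("bob%%3Bls -> %d\n", parse_username_field("bob%3Bls", cgi_scratch, sizeof cgi_scratch));
    return 0;
}
```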

  4.6.  Other Inputs

  vÓAׂ͂̂ĂRg[邱ƂK{łB
  setuid/setgid ꂽvOł͍ɂ߂܂BŔÂ悤ȓ
  ͂܂ɑłBA̓vOł͉L̓_lK
  v܂B

  o  JgfBNg

  o  VOi

  o  [E}bv(mmap)

  o  System V R IPC

  o  umask(VKɃt@C쐬ꍇ̃ftHg̃p[~bV
     肷)

     vON鎞ɃfBNg(chdir(2)gp)ύX
     ꍇ́AtpXwłƖړĨfBNgɈړ邱Ƃl
     ĂB

  4.7.  Limit Valid Input Time and Load Level

  ^CAEgƕ׃x݂̐ĂBɃlbg[NoR
  Ăf[^ɂ͕KĂBȂƍU҂͐₦
  邱ƂȂT[rXv𑗂t邱ƂŁAƂȒPɃT[rXWQU
  sł܂B

  5.  Avoid Buffer Overflow

  uobt@I[o[t[v́AZLeBׂ̌Ƃĕpɂɔ
  BZpIɂ̓vO̖̎łA܂ɕpɂɔA
  dȖĂ̂ŁAēƗčڂ𗧂Ă܂B̖
  ɏdv́ACERT ̊̓ 1998 N 13 ̓ 9A1999 N̏
  Ƃȏオobt@I[o[t[֘Ał邱ƂŖ炩łB
  Bugtraq ɂȒłA悻 2/3 ̉񓚂obt@I[o[
  t[ZLeB̐Ǝコ̌ƂĂ܂(c̉񓚂́uݒ~
  XvƂĂ܂) [Cowan 1999]

  󒐁FBugtraq ́AZLeB֘Ȁ肷 ML łB ML 
  A[JCu <http://www.securityfocus.com/bugtraq/archive/> J
  Ă܂B

  obt@I[o[t[̂́AŒ蒷̃obt@̈ɂl(
  Ȃ)Ä̗zďĂ܂ꍇłB̌
  ́A[U̓͂obt@ɓǂݍގɂN܂AvO
  ̂܂̍ŒłN\܂B

  S߂vOŃobt@I[o[t[Ă܂ƁA
  XɂčU҂Ɉp鋰ꂪ܂Bobt@ C ̃[J
  ŎĂꍇAU҂͂̊֐̒Ŗ]݂̃R[hIɎ
  siƂăI[ot[𗘗płĂ܂܂Bobt@q[v
  ̈ɂĂA󋵂P킯ł͂܂BU҂́ȀԂ
  vO̕ϐ邱Ƃł܂BɏڂƂ́AAleph1
  [1996]AMudge [1995]Qlɂ邩A
  <http://destroy.net/machines/security/> ɂuStack Smashing
  Security VulnerabilitiesvĂB

  󒐁Fq[v̈́AvOŗpf[^i[̈ŁAp
  ɓIɊ蓖ĂApςނƉꂽAėpɉ񂳂܂B C
  ł malloc(3) Ŋmۂꂽ̈悪ɓ܂B

  vO̒ɂ́AɉeȂ̂
  ܂B܂莩Iɔz̑傫𒲐(Ƃ Perl)Aobt@
  I[o[t[Ah݂WŔĂ(Ƃ
  Ada95)܂BcOȂƂɁA C ̓obt@I[o[t[hi
  ܂Ă炸A C++ ł킢Ȃ̖𔭐邱Ƃ
  ł܂B

  5.1.  Dangers in C/C++

  C [ÚAmۂĂ̈z邱Ƃ͂肦ȂƊm؂łȂ
  ΁AE`FbNȂ댯Ȋ֐gׂł͂܂Bʏgp
  ׂ֐ɂ́Astrcpy(3)Astrcat(3)Asprintf(3) gets(3) 
  ܂B̑ strncpy(3)Astrncat(3)Asnprintf(3) fgets(3)
  gp邱Ƃ߂܂Bڂ͉LŘ_܂B strlen(3) NIL L
  N^I[ɂ邱Ƃ肵Ă̂ŁANIL K݂ƊmMł
  Ȃ΁Agpׂ͔łB̑ɂobt@zĂ܂
  ֐(̎gɂ܂) 
  ́Afscanf(3)Ascanf(3)Avsprintf(3)Arealpath(3)Agetopt(3)Agetpass(3)A
  streadd(3) strecpy(3)Astrtrns(3)܂B

  5.2.  Library Solutions in C/C++

  C/C++ ł̉ƂāAobt@I[o[t[̖ĂȂ֐
  Cu̎gp܂B

  C Ńobt@I[o[t[hu퓅viƂāA̖
  ĂȂWCu֐gp邱Ƃ܂܂B̉
  @ strncpy(3) strncat(3)ƂW֐ɂƂĂˑĂ܂B
  ƂȂA̎gӊOƖʓ|ŁAgƂ
  ɒӂKvłB strncpy(3)̓Rs[̏̕I[ NIL Zbg
  Ȃ̂ŁARs[̕񒷂Rs[ȏ̒Ȃ΁Astrncpy(3)
  oɃRs[̏I[ NIL Zbg邱ƂYȂłB
  strncpy(3)Astrncat(3)ƂA݂ł̈̎c̑傫œn
  Kv܂A̎cʂ̌vZ悭ԈႢ܂(ŊԈĂ
  ƁAobt@I[o[t[UĂ܂ƂɂȂ܂)Bǂ
  ̊֐Aobt@I[o[t[ǂmFPȂ
  ݂Ă܂BŌɂȂ܂Aւ֐ł strncpy(3)
  strcpy(3)ɔׂāAptH[}X͗܂B strncpy(3)Rs[
  ̎c̈ 0 Ŗ߂邽߂łB

  AOpenBSD ɂ Miller  de Raadt [Miller 1999] ɂĊJ
  ꂽ strlcpy(3) strlcat(3)܂B]̃Rs[ƘAƂ͈ق
  (ԈႢɂ)C^tF[XAŏ̓w͂Ŗ̉
  ݂Ă܂B\[XƊ֐̃hLg BSD X^C̃CZXŁA
  <ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcpy.3> 
  pł܂B

  ̎g݂ƂẮAŒ蒷̃obt@gɁA񂷂ׂĂ̗
  𓮓IɍĊmۂ@܂B̎@͈ʓIŁAGNU vO~
  O KChCŐĂ܂B̕@ 1 ƂĎIɕ
  ̈̍Ċmۂs C ̃c[ł Forrest J. Cavalier III J
  ulibmib allocated string functionsv܂B
  <http://www.mibsoftware.com/libmib/astring>痘pł܂B\[X
  I[vE\[X̌`ƂĂ܂AhLg̓I[vE\[X
  ł͂܂BRɓł܂B

  ̑ɂɗƎv郉Cu܂BƂ΁Aglib C
  u͍LI[vE\[X̃vbgtH[ŗpĂ
  (GTK+ c[Lbg glib CugpĂ܂Aglib  GTK+
  gƂȂɒPƂŗpł܂B̎_ŁAglib Ců֐
  obt@I[o[t[h߂ɗLǂ𕪐͂āAȂ
  ƂƂ͂ł܂łA҂łȊ܂B킭
  ΁ÃhLg̎ȍ~̔łł glib ̊֐obt@I[o[t
  [̖ł邱ƂmFƎvĂ܂B
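As an added example (my code, not the OpenBSD strlcpy(3)/strlcat(3) implementation by Miller and de Raadt cited above, nor the HOWTO's), this C block demonstrates the strncpy(3) termination pitfall and an strlcpy/strlcat-style interface whose return value turns truncation detection into a single comparison. The function names bounded_copy/bounded_append are this example's, chosen to avoid clashing with a libc that already ships strlcpy.

```c
/* Added example: the strncpy(3) termination pitfall, and an
 * strlcpy(3)/strlcat(3)-style interface written here (not OpenBSD's). */
#include <stdio.h>
#include <string.h>

/* Shows the hazard: strncpy(3) stops after n bytes and appends no NIL when
 * strlen(src) >= n.  Returns 1 if the 16-byte buffer ended up with no
 * terminator within the n bytes written, 0 if it was terminated. */
int strncpy_leaves_unterminated(const char *src, size_t n)
{
    char buf[16];
    if (n > sizeof buf) return -1;
    memset(buf, 'X', sizeof buf);          /* poison: no NIL anywhere */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) == NULL;
}

static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* strlcpy-style: always terminates when dstsize > 0 and returns strlen(src);
 * the caller detects truncation with `ret >= dstsize`. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0) return srclen;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* strlcat-style: the remaining-space arithmetic that strncat(3) callers so
 * often get wrong is done once, here.  Returns the length the result would
 * have had; `ret >= dstsize` again means truncation. */
size_t bounded_append(char *dst, size_t dstsize, const char *src)
{
    size_t dstlen = bounded_len(dst, dstsize);
    if (dstlen == dstsize) return dstsize + strlen(src); /* dst unterminated */
    return dstlen + bounded_copy(dst + dstlen, dstsize - dstlen, src);
}

/* Assemble "user@host" and refuse, rather than silently truncate, when it
 * does not fit: a cut-off address is a different address. */
int build_mailbox(char *out, size_t outsize, const char *user, const char *host)
{
    if (bounded_copy(out, outsize, user) >= outsize) return -1;
    if (bounded_append(out, outsize, "@") >= outsize) return -1;
    if (bounded_append(out, outsize, host) >= outsize) return -1;
    return 0;
}

char mailbox_scratch[8];   /* deliberately small, to exercise truncation */

int main(void)
{
    printf("unterminated after strncpy: %d\n",
           strncpy_leaves_unterminated("0123456789abcdef", 16));
    printf("fits: %d -> %s\n",
           build_mailbox(mailbox_scratch, sizeof mailbox_scratch, "ab", "cd"),
           mailbox_scratch);
    printf("too long: %d\n",
           build_mailbox(mailbox_scratch, sizeof mailbox_scratch, "alice", "example"));
    return 0;
}
```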

  5.3.  Compilation Solutions in C/C++

  ܂ϓ_͂낤Ƃ̂ɁÄ̋E`FbN
  RpCɍŝ܂([Sitaker 1999] ̃XgQƂĂ
  )BłAhɂ낢Ȏił 1 ƂāÂ
  ȃc[͔ɗLłA̎@Ŗh䂷̂͌iƂ͂
  ܂BRƂ 2 ͏グ܂B܂Â悤ȃc[͕Kv
  ȖḧꕔsƂł܂(āuȁvhsƂ
  ƁAʏ 12  30 {xȂ܂)BC  C++ ͂obt@I
  [o[t[hi킹Ă܂BɁAI[vE\[X
  vOłƁÃc[găRpC邩߂Ă
  킯ł͂܂BVXeɂĂftHǵuʂ́vRp
  CgƃZLeB̎_炷ƂɂȂĂ܂܂B

  ɗLȃc[ƂāuStackGuardv܂B́uK[hv
  ߂̒l(uJiA(canary)vƌĂт܂)^[AhXĂ
  Oɑ}ē삵܂Bobt@I[o[t[ă^[Ah
  XƁAJiA̒l(炭)ύXAۂɎgp
  OɃVXeo܂B͔ɗLȂ̂łA^[AhX
  ȊO̒l(gpĂVXeUł܂)obt@I
  [o[t[ɂ͑Ώł܂B StackGuard āAJiA𑼂
  f[^ɑ΂Ăg悤ɂ̂AuPointGuardvłB
  PointGuard ͎Iɂl(ƂΊ֐̃|C^⃍OWvE
  obt@) ی삵܂B̕ϐ PointGuard gĕی삷
  AvO}݂̉KvƂȂ܂(vO}͂ǂ̃f[^JiA
  ŕی삵Ȃ΂Ȃ̂FȂ΂Ȃ)B͗LȔ
  ʁA{ی삷ׂȂ̂ɕKvȂAƂ蔻fĂ܂AƂ
  PɕیȗĂ܂ꍇl܂B StackGuard 
  PointGuardA܂ƓlȂ̂ɂĂ̏ڍׂ Cowan [1999] QƂ
  ĂB

  󒐁Fނ̃JiÁAYzň_Yf̑_Ԃumv
  ߂ɎĂ܂B

  Ɗ֘AāALinux ̃J[lCāAX^bNEZOgł
  vO̎s֎~Ă܂@܂Bsɂ̓pb`
  Kvł (Solar Designer  pb`Ɋ܂܂Ă܂B
  <http://www.openwall.com/linux/>) ̃hLgĂ鎞_
  ́A܂J[lɎ荞܂Ă܂BZpIȗR 1 ɁAv
  قǂ̌ʂłȂ_܂BU҂́AΏۂɂĂvO
  ɂłɑ݂Ă鑼́uʔȁvꏊ (Cuq[v̈A
  X^eBbNȃf[^EZOg̈Ȃ)ĂяoĂ܂łB
  ܂ Linux ̓X^bN̈ŃvOsꍇ܂BƂ
  āAVOi GCC ́ug|v̎ꍇłB Solar
  Designer  pb`ł̂悤ȃP[XɂΉł܂Aꂪpb`
  GȂ̂Ă錴łBlIɂ Linux {ɑgݍ܂Ă
  Ǝv܂BƂ̂ɂĂԂ񂩂łUȂ܂
  A̍Û镔͖hł邩łB Linus Torvalds 
  lĂ悤ɁÃpb`ڂقǂ܂܂Ȗh䂪ł
  ArIȒPɂ̖h̗ƂłAƂ_ɂĂ͎
  ӌłB Linus Torvalds ̃pb`̗pȂRɂẮA
  <http://lwn.net/980806/a/linus-noexec.html>QƂĂB

  󒐁Fg|(trampoline)Ƃ́AvOsĂŒɃv
  OgɂĐA݂ɓƗȃIuWFNgER[h
  w܂B

  vɁA܂vÔ̂Ńobt@I[o[t[h悤ɊJ
  ̂؂łB̂悤ɊJɁAStackGuard ̂悤ȃc[
  eNjbNgāAɈSuĂׂłB\[XR[h
  obt@I[o[t[ǂo邾ǂoA StackGuard ͂
  Ɍʂ𔭊܂BƂ̂ StackGuard ĥ߂ɌĂ΂悤
  ȁuvIȎ_v炷Ƃł邩łB

  5.4.  Other Languages

  obt@I[o[t[́ÃvO~OłɂȂĂ
  B Perl  PythonAAda95 ̂悤ȃobt@I[o[t[h
  ĂłB C  C++ ȊǑgƂĂA񂷂ׂĂ̖
  ł킯ł͂܂Bڂ́A_ulł
  ĂяoƁvɂ NIL LN^̈QƂĂB܂
  񋟂Ă{Iȋ@\(Ƃ΃^CECu)pł
  ł̋@\Sł邱Ƃۏ؂ƂcĂ܂B
  ̂悤Ȗ͂ɂAobt@I[o[t[h悤ASȃv
  OJsꍇ́Ǎ̎gp^ɍlׂƎv
  B

  6.  Structure Program Internals and Approach

  6.1.  Secure the Interface

  C^tF[X́Ał菬(ȂVv)A(Kv
  @\)AėOȂ̃C^tF[Xg悤ɂKv
  ܂BMpł͂͂قƂǂȂƎvĂBAvP[V
  f[^邽߂̃r[A[́AOō쐬ꂽt@C\邱
  Ǝv܂Ãt@CvO(s}N܂
  ܂)ƂĈƂĂBSȃTh{bNXJč
  邱ƂƂȂ̂ł΁Ab͕ʂłB

  6.2.  Minimize Permissions

  łɐG܂A̓_ɂĂ͑匴݂Ă܂B̓v
  Oɂ́Â߂ɕKvȍŒ̃p[~bVȂƂ
  ƂłBΖvOȂĂAe͈͂
  ܂܂Bɒ[ƁAłȂS߂vO쐬
  邱Ǝ̂~߂AƂ̂ԊmȂ̂łB

  Linux ł̓vZX̃p[~bV́A܂̊e ID ɂČ܂
  BvZX͂ꂼ IDA IDAt@CVXe IDAۑ ID 
  [UƃO[vɎĂ܂B̒l܂gpāAp[~b
  Vŏɂ邱Ƃ͂ƂĂ؂ȂƂłB

  ʂ̊ϓ_p[~bVŏɗ}闝R܂B

  o  ō̃p[~bV邱Ƃ͍ŏɗ}邱ƁBȂׂ
      root ̌vOɗ^ȂBPƂ̃t@CɃANZX
     ߂ɁAvO setuid root ȂB̂悤ȏꍇ̓t@C
     ɃANZX邽߂ɐpO[v̍쐬邱ƁB̃O[
     vt@CLAvO͂̃O[v setgid ΂
     B̂悤ɃvOȂ setuid  setgid Ă݂邱
     ƁBƂ̂́AO[ṽo[ɑ΂Ă͋邱Ƃ[U
     ɑ΂邱Ƃ肳Ă邩ł(Ƃ΃t@C̃p[
     ~bV̕ύX͔F߂Ȃ)BvÕt@CɃA
     NZX邽߂ɁA[Ũp[~bVKvȂ(
     Ƃ NFS T[o[)A Linux ŗL̋@\łut@CVXe
     UID(fsuid)v邱ƁB̗p΁AԂ⃆[Uv
     ZXɃVOi𑗂悤ɋ^邱ƂȂɃt@Cւ̃A
     NZX𐧌łB

     ǂĂ root ̌vOɗ^KvꍇALinux 2.2
     ȏŗp\ POSIX PCpreB̎gp邱ƁBPOSIX P
     CpreB𗘗pƁAvONƂɂ̃vO
     ̌ŏɗ}B cap_set_proc(3) Linux ŗL
     capsetp(3)ĂяoƂŁAvONƂƂɂ̃vO
     ۂɕKvƂ@\ɏɌ𐧌łB UNIX CNȃVX
     eׂĂ POSIX PCpreBĂ킯ł͂ȂƂɒ
     ӂ邱ƁB Linux ł POSIX PCpreB̏ڍׂ́A
     <http://linux.kernel.org/pub/linux/libs/security/linux-privs>.  
     QƂ邱

  o  p[~bVLł鎞ԂŒZɁB setuid(2)Aseteuid(2)₻
     Ɗ֘A@\gpꍇ́AvÕp[~bV
     KvƂ鎞LɂĂ邩mF邱

  o  p[~bVLɂł鎞ԂŒZɁB݂₩Ƀp[~bV
     Sɕ邱ƁB Linux ́uۑvID ̗pĂ̂ŁAMp
     łȂ ID ɑ΂Ă 2 x΂葼 ID ZbgĂ܂΁A
     ŏIɂłB setuid/setgid ꂽvOł́AʂȗR
     Ȃ͎ gid  UID ɎۂɎs[U ID Zbg
     ƁB fork(2)͕KB root 瑼̌Ɉڂꍇɂ́A
     Kŏ gid ύX邱ƁBȂƓȂȂI

  o  p[~bVɍE郂W[ł菭ȂBp[~b
     VɍE郂W[̐킸ȂASǂmF
     ̂͗eՂłB@ 1 ͑O̍ڂŎwEƂ̂܂܂ŁA
     W[錠gpIǍ苎B
     ΌォĂ΂郂W[͌p悤ȂBʂ̂
     R}h𕪂A1 ͂т̏sGȃc[Ō
     [U(Ƃ root)gp̂ɂÃc[
     setuid Ă͂邪ARpNgPȃc[ŌꂽR}h
     słȂ悤ɂ(̃c[œ͂F߂ꂽȂAŏ
     c[ɓn)B̕@ GUI x[X̃VXeɂƂĂƂĂL
     iŁAGUI 𕁒ʂ̃[UœAŎ󂯎NG
     XgW[ɓnĂ

  o  g郊\[XŏɁBvOނƂłt@C
     fBNgł邾Ȃ悤Ƀp[~bVZbg
     邱ƁB̓Q[\tg̃nCXRAL^ꍇɂ悭g
     @ŁAQ[͕ games  setgid ĂăXRAt@C
     games O[vLĂBăvÔ͕ʂ̃[U
     (root Ȃ)LĂBĂ΁AQ[ʂĐN҂
     ĂĂnCXRA邱Ƃ͂łĂAQ[̎s`
     t@Cɂ͎tȂB

     قȂ@\ɂꂼꃆ[UƃO[v邱ƂlĂׂ
     BĂ΁AVXeɕt܂ƎIɑ̃VXe
     _[WAƂƂ͂ȂȂ邾낤B

     chroot(2)R}hg΁AvO͌ꂽ̃t@Cp
     łȂȂB̋@\𐶂ɂ́AfBNg̐ݒTdɍs
     Kv (uchroot jail(chroot ̘S)vƌĂ΂Ă)B root
     ̃p[~bVvÓA̎łĂVXe
     邪(mknod(2)ȂǂĂяoăVXe[ύXłĂ
     )AȊO̘͂SvÕZLeB啝ɌSɂ
     B

  Iy[eBOVXe̒ɂ́A1 ̃vZXŐM̃x𕡐
  ̂܂BƂ Multics ̃Oی@\ɓ
  BʓI UNIX  Linux ł 1 ̃vZXŐM̃x𕡐
  @͂܂B܂AJ[lĂяoƂŃp[~bV
  グ܂AvZX͒P̐MxĂ܂B Linux 
  UNIX CNȃVXe 1 ̃vZX畡̃vZX fork āA
  ̂ꂼ̃vZXɃp[~bVݒ肷邱ƂŁA̋@\V
  ~[g邱Ƃł܂BsȂɂ́ASɏ`Bo
  H(ʂ͖OȂpCvg܂) mۂAʂ̃vZX fork 
  Ăł葽̃p[~bV𗎂ƂȂ΂܂BĒP
  ȃvgRgĐM̍vZXႢvZXɗv`
  悤ɂAM̍vZX͌ꂽvT|[gȂƂm
  ɍsȂȂĂ͂Ȃ܂B

  ̋Zp Java 2  Fluke ݂ 1 łBƂ Java
  2 ͂̃t@CI[vp[~bVƂ悤ȁA
  ߂ׂ̍p[~bVwł܂BėpIȃIy[eBO
  VXeł́Â悤ȋ@\͈ʓIɎĂ܂B
  󒐁FFluke ́AFlux vWFNg̈ƂĊJĂJ[l
  Iy[eBOVXȇ̂ŁAFlux -kernel Environment ̗̂
  B nested process model ɂƂÂA͂ŊKwIȃ\[XǗs
  AS̍VXeڎwĂ܂Bڂ́AThe Flux
  Research Group <http://www.cs.utah.edu/projects/flux/> QƂĂ
  B

  Linux ̃vZXɂ́At@CVXe [U ID(fsuid)ƃt@CVX
  eO[v ID(fsgid)Ƃ 2  Linux ŗL̏ԕϐ܂B
  ̕ϐ́At@CVXẽp[~bV`FbN鎞Ɏg
  B root ̌vÓAʃ[Uɑăt@CɃAN
  ZXO fsuid  fsgid ύX邱ƂlׂłBŔAv
  ZX [U ID ݒ肷ƁÃ[U͂̃vZXɑ΂
  VOi𑗂Ă܂܂Afsuid ɐݒ肵Ă͂Ȃ܂B
  @̌_͑ POSIX VXeł͂̋@\gȂƂłB
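The section above discusses setuid(2)/seteuid(2), the saved ids, and changing the gid before the uid. As an added example (my code, not the HOWTO's, Linux-specific because of getresuid(2)/getresgid(2)), this C block drops root permanently in the correct order and verifies the result instead of trusting a return value, then contrasts it with the temporary form that parks privilege in the saved uid. The target uid/gid 65534 in main is an assumption.

```c
/* Added example: give up root permanently, in the right order, and verify
 * the outcome with getresuid(2)/getresgid(2).  Linux-specific. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if real, effective and saved ids are all exactly uid/gid. */
int ids_are_exactly(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Drop to (uid, gid) for good.  Order matters: supplementary groups and the
 * gid must change while still root, because once the uid is unprivileged
 * setgroups()/setgid() are refused.  setre*id with both arguments given also
 * replaces the saved id, so the old identity cannot come back via seteuid().
 * Returns 0 on success, -1 on any failure, including a "successful" call
 * that left some id unchanged. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Only a privileged process can (or needs to) shed supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    if (!ids_are_exactly(uid, gid)) return -1;
    /* A regain attempt must now fail (meaningful only when uid != 0). */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Contrast: the temporary form keeps the saved uid, so privilege is parked,
 * not gone.  Returns 0 if the effective uid changed while the saved uid
 * still holds its previous value. */
int drop_privileges_temporarily(uid_t uid)
{
    uid_t ru, eu, su, prev_su;
    if (getresuid(&ru, &eu, &prev_su) != 0) return -1;
    if (seteuid(uid) != 0) return -1;
    if (getresuid(&ru, &eu, &su) != 0) return -1;
    return (eu == uid && su == prev_su) ? 0 : -1;
}

int main(void)
{
    /* Run as root this drops to 65534 (assumed to be "nobody"); as an
     * ordinary user it is a no-op that still passes every check. */
    uid_t target_uid = geteuid() == 0 ? 65534 : getuid();
    gid_t target_gid = geteuid() == 0 ? 65534 : getgid();
    printf("permanent drop: %d\n", drop_privileges_permanently(target_uid, target_gid));
    printf("regained root? %s\n", setuid(0) == 0 ? "yes (bad)" : "no");
    return 0;
}
```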

  6.3.  Use Safe Defaults

  vOCXg[鎞ɂ́A[Uݒ肷@܂łׂẴA
  NZXۂׂłBCXg[ꂽt@CfBNǵAN
  ǂݏ\łĂ͌Ă܂BvɁAMł郆[U
  ȊO͓ǂ߂ȂĂ܂̂ԂłBݒ邽߂̌ꂪȂ
  ΁A[UċȂAftHgł̃ANZX͋ۂׂ
  B

  6.4.  Fail Open

  SȃvO͏ɁutFCEI[vvłׂłB܂Av
  O삵ȂȂĂAvOׂ͂ẴANZX
  悤ɐ݌vĂKv܂(utFCEZ[tvƂĂ΂
  Ă܂)BvOsƎvs(ُȓ͂uN蓾Ȃv
  ԂɂȂ铙) AɃT[rXۂׂłBu[U
  Ӑ}邱ƂTovȂǂƂ͂ȂłBT[rX
  邾ł悢̂łBƁAƂĐMg肪Ȃ邩
  ܂([U̗ꂩ炷)BS͍܂܂B

  6.5.  Avoid Race Conditions

  S߂vÓAvׂǂ߂Ȃ΂
  ܂BċȂ΁A̗vsɈڂȂ΂Ȃ܂
  BvOsOɁAMłȂ[Uɉe^
  ̂悤ȕύXłĂ͂܂B

  t@CVXeɂĂ͕pɂɂ̖肪N܂BʓIɔȂ
  ΂ȂƂ́AvO access(2)gėvF߂ׂ
  肵Ǎ open(2)gƂ@łB̃VXeR[
  sԂɁA[Ut@CړłĂ܂ȂłB
  SvvOł͂邩ɁA ID ƃt@CVX
  e ID ZbgĂ炷Aopen VXeR[𔭍sׂłB
  S access(2)g@܂Ȁꍇ̓[Ũt@C
  fBNgt@CVXẽ[gpXǂĂ邱Ƃ
  ȂłB

  6.6.  Trust Only Trustworthy Channels

  ʓIɁAMłȂoȞʂMĂ͂܂B

  Rs[^ō\ꂽlbg[N(C^[lbgŜɂĂ͂܂
  ܂) ̑啔ł́AؖĂȂ`͐M邱Ƃł
  BƂ΁AC^[lbgł͂ǂȃpPbgł̃wb_[
  ܂߂āA񂷂邱Ƃ\łBāAMłƊm؂ł
  ̂łȂ΁Ȁ 1 ̊ƂāAZLeB̔f
  łB[J̃t@CA[EH[OXv[tBO(
  肷܂)hł͂Ȃ̂ŁA{Ɂuv瑗ꂽpPbg
  ƒfłꍇ܂Bt@CA[EH[
  Aʂ̌oHAoCp̐ڑ肷ƁẢ肳
  ^킵̂ɂȂĂ܂܂BlȊoŁA|[g
  (1024 ȉ)Mł̂ƌߍ܂ȂłB啔̃lbg
  [Nł͂̂悤ȃNGXg͉\łARs[^VXe
  ɁA|[gԍ̎gpF߂悤ɂ邱Ƃł܂B

  WIɎgĂ邪{IɈSłȂvgR(Ƃ ftp Ƃ
  rlogin)sĂȂAftHgSɂĂAhLg
  ͎sɓĂ̑O𖾋LĂĂB

  hCEl[ET[o[(DNS)͍LC^[lbgŗpĂ
  ARs[^ IP AhX(l)̑gێǗĂ܂B
  uDNS ̋tvƂ@g΁APȃXv[tBOÜꕔr
  ł܂AzXg鎞ɂɗ܂B̂
  ͔F؂߂قǂ̐M͂܂B܂ƂȂ̂́ADNS 
  NGXgǂ͍U҂Rg[Ăǂ̃VXeɑ΂
  Ă邩ȂAƂƂɂ܂BāADNS 
  ꂽʂ͂ƂĐƂmFKvAdvȃANZX
  ̎iƂĐMpĂ͂܂B

  pX[hvꍇAMł͂邽߂ɁAA̗ݒ
  悤ɐSĂ(Ƃ΁AOCOɉłȂL
  [ƂvALED _łāAłȂp^[\
  铙)B

  dq[(uFromvɏĂAhX܂)ł܂B̂
  ȍȖ́AdqgΖh܂BƊȒPȖh́Adq
  [Ƀ_ɔlYtĂƂ肷@łBz̋K
  Ȃ悤ȁAJ[OEXgւ̓o^ȂΏ\pł
  B

  MłȂlbg[NzɐMłoHKvƂȂ΁A炩
  ̈Í쐬Zp̏KvƂȂ܂(ŒłÍIɈSȃnbV
  Zp)BL̃ZNVɂuÍASYƒʐMvgRvQ
  ƂĂB

  ӂė~̂́ACGI NCAg/T[o[ fŁANCA
  gǂȒlύXłĂ܂ƂłBT[o[͏ɂ̓_ɋC
  ĂȂ΂Ȃ܂BƁAuBtB[hvA
  NbL[Ȃǂ́ACGI vOl󂯎OɃNCAgŒl
  XłĂ܂܂BNCAgUłȂ@ŏ邩AT[
  o[`FbN̂łȂ΁A̒lMpĂ͂܂
  B

  getlogin(3) ttyname(3)Ƃ֐ԂĺA[J̃[U
  łĂ܂̂ŁAZLeB̗prƂĂMpĂ͂܂
  B

  6.7.  Use Internal Consistency-Checking Code

  vÓAĂяoɎw肷z肵Ă{ԂK؂ł
  邱Ƃۏ؂Ă邩`FbNׂłB C ł assert(3)̂悤
  ȃ}Nɗł傤B

  6.8.  Self-limit Resources

  lbg[N֘Ãf[ł́AߕׂƂȂv͋ۂ邩݂
  ܂傤BElݒ肵(setrlimit(2)g)gpĂ܂Ɨ\z
  郊\[X𐧌܂傤B setrlimit(2)gāucorevt@C
  łȂ炢͍Œ悤ɂĂB Linux ł core
  t@CāAvOُI炻ׂ̂Ẵۑ
  悤ɂ܂B core t@Cɂ́ApX[h₻̑̒ӂK
  vȃf[^邩܂B

  7.  Carefully Call Out to Other Resources

  7.1.  Limit Call-outs to Valid Values

  ʂ̃vOĂяoꍇ́ÃvOɃp^ƂėL
  Oɗ\zĂlĂ邩mFKv
  B͌ƍȂƂłBƌ̂AlXȃCu
  ֐R}hA჌x̊֐ӊOȂŌĂяoĂ邩
  ȂłBƂ popen(3) system(3)̂悤ȃVXeR[̂
  ́AR}hVFĂяo悤ɎĂ܂B܂VF
  ̃^LN^̃VXeR[ɉeڂƂӖ
  Bl execlp(3) execvp(3)VFĂяo݂ɂȂĂ
  BKChC̑ popen(3)Asystem(3)Aexeclp(3) execvp(3)
  ܂gpȂ悤ɒĂĂāAvZX𐶐ꍇɂ
  execve(3) C ꂩ璼ڌĂяo悤ɒĂĂ܂ [Galvin
  1998b]Blȕ@ Perl  VF̃obNNH[g(`)R}hVF
  Ăяo܂B

  ̖̖ȗ̂ЂƂɃVF̃^LN^܂BWI
  Linux ̃R}hVF́A߂ʂɍsLN^񂠂
  BVFɂ̃LN^nƁAGXP[vĂȂ΃VF
  ͓ʂɉ߂܂B̕@găvO΂Ή󂳂܂B
  WWW Security FAQ [Stein 1999, Q37] ɂƁA^LN^͈ȉ̂
  ̂łB

  & ; ` ' \ " | * ? ~ < > ^ ( ) [ ] { } $ \n \r

  ̃LN^̓ 1 łYƁAߎSȂƂɂȂ邩܂
  BƂ΁AvȎ̓obNXbV^LN^Ƃ
  ƂӂĂ܂[rfp 1999]B͂̌؂ZNVŘ_
  ܂A΍ƂāÃLN^͂ꂽ炷ɃGXP[v
  邱Ƃ߂܂B

  Ɗ֘AƂ NIL LN^(LN^ 0)ӊOȉe
  yڂƂ܂B C  C++ ̊֐̑啔́ANIL LN^
  ̏I[̈Ƒz肵Ă܂Ǎ(Perl  Ada95 Ȃ)̕
  ֐ NIL 𕶎̈ꕔƂĈ܂BCuJ[l
  ̌Ăяo C Ɠ𓥏PĂ܂̂ŁA`FbNeƎ
  gp邱ƂvĂ܂ [rfp 1999]B

  ̃vOĂяoAt@CQƂ肷鎞́At
  pX (Ƃ /usr/bin/sort ̂悤)Ŏw肷悤ɂĂB
  邱ƂŁAuԈvR}hĂяoۂɐG[𖳂
  Ƃł邾łȂAPATH ϐԈĐݒ肳ĂĂG[
  ł܂B̃t@C̎QƂɂĂAuԈvJnpXw
  ʐ点܂B

  7.2.  Check All System Call Returns

  VXeR[ŃG[󋵂Ԃ̂́AׂẴG[Ԃ`Fb
  NKv܂B܂RƂĂ̂́AVXeR[̂
  ƂǂׂĂAĂVXeE\[XΏۂƂĂ
  Ã\[Xɑ΂ă[U͂܂܂ȕ@ŉe^邱Ƃł
  Ă܂_܂B setuid/setgid ꂽvO
  ́Asetrlimit(3) nice(2)̂悤ȃVXeR[ĂяoƂŁA
  vOŎgp郊\[Xɐ邱Ƃł܂BT[o[v
  O𗘗pÕ[U CGI XNvg͓ɑʂ̃NGXg
  T[o[ɗv邱ƂŁA\[XHׂƂł܂BG[
  K؂ɈĂȂȂ΁AłɏqׂutFCEI[vvQƂ
  B

  8.  Send Information Back Judiciously

  8.1.  Minimize Feedback

  MłȂ[Uɑ΂ẮȀ񋟂Ȃ悤ɂĂ
  BAsāAsĂsƌ
  āAȂsɂẮAł邾Ȃ悤ɂĂB
  ڍׂȏ̓[U̍ՂOɕۑĂBƂ΁A

  o  vOɉ炩̃[UF؂Kvȏꍇ(Ƃ΃lbg[NT[
     o[⃍OCEvO쐬Ă)AFؑO̒iKł́A[U
     ɂ͂ł邾^Ȃ悤ɂĂBɔFؑOɃvO
     ̃o[Wio[R炷ƂȂ悤ɂĂB
     ȂƁÃo[W̃vOɌ邱Ƃ킩Ă
     ܂ꍇA[Ũo[WAbvO[hȂƍU
     ɂ݂݂Ă܂ƂɂȂĂ܂܂B

  o  vOpX[hvꍇA͂\Ă͂܂B
     pX[h΂錴 1 ɂȂĂ܂܂B

  8.2.  Handle Full/Unresponsive Output

  S߂vO[Uւ̏o͂ߒl܂点A
  o͂̔x邱Ƃ́A[UłsȂ͂łBƂ
  ΁AWeb uEU͌̈ӂ TCP/IP ̌oHؒfAxx
  ł܂B̂悤ȃP[XɂS߂vO͑Ή
  ׂłBɃbN݂͂₩ɊO悤ɂׂł(łΔ
  O)B΁AT[rXۍU(DoS U)Ɍ^Ȃōς܂
  ܂Blbg[Nւ̏ݗvɂĂ̓^CAEgɐݒ
  ׂłB

  9.  Special Topics

  9.1.  Locking

  vOɑ΂ĔrIɎs錠Ă邩ǂ̗t
  Ȃ΂ȂȂ󋵂悭܂B POSIX VXeł́AȑO
  烍bNԂt@C쐬邱ƂőΏĂ܂B͑
  ̃VXeԂŌ݊ɂ͂悢@łB

  ̕@ɂ͂Ȃ΂ȂȂƂ܂B܂
  root ĂvÓAO_EXCL [h(ʏt@C݂
  ĂƎs)̃t@CłI[vłĂ܂܂BȂ
  open(2)g킸 link(2)gpăt@C쐬Kv܂B}
  VŃT[o[vO 1 słȂƂmɍs
  ȂA/var/log/O.pid Ƃg̃vO pid 
  Ă郍bNt@C쐬邱ƂĂ݂ĂB̕@́A
  vO\zOɒfĒr[ȏԂɂȂĂ܂AƂ_
  Ă܂AʓIɎgpĂÃVXec[łȒP
  pł܂B

  ɁAbNt@C NFS Ń}Egꂽt@CVXeɂ
  A NFS ʏ̃t@C̋@\[ɂ̓T|[gĂȂɔY
  邱ƂɂȂ܂B open(2)̃}jAɂǂ炱̖
  邩̐܂(root ̃vOɂĂ̈ɂĂ
  ܂)

       ... bN̂Ɂuopen(2) O_CREAT and O_EXCL t
       OvɈˑĂvÓAԂɊׂĂ
       ܂BbNt@CgăAg~bNȃt@CbLO
       sɂ́A܂t@CVXeɃj[Nȃt@C
       (Ƃ΃zXg pid gݍ킹܂)Aɂ̃bN
  t@C link(2)ŃN𒣂Aꂩ烆j[Nȃt@C
  ɑ΂ stat(2)săN̎QƐ 2 ɑĂ邱
  mF܂B link(2)̕Ԃlĝ͎~߂ĂB
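The quoted open(2) advice above describes taking a lock with link(2) on a unique file and checking with stat(2) that the link count became 2, rather than relying on O_CREAT|O_EXCL (unreliable over NFS, and not binding on root) or on link(2)'s return value. Added example of exactly that protocol in C, not the HOWTO's code; the "/var/log/NAME.pid"-style location is replaced here by a path under /tmp for the self-test, which is this example's assumption.

```c
/* Added example: a lock file taken with link(2) and confirmed with stat(2),
 * the NFS-safe technique the text describes. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try to take `lockpath`.  Returns 0 if we now hold it, 1 if someone else
 * holds it, -1 on an unexpected error.  A unique file (lock name + host +
 * pid) is created first, then link(2)ed to the lock name; the link count
 * that stat(2) reports on the unique file is the only thing trusted, since
 * link() over NFS can report failure for a link that was in fact created. */
int acquire_link_lock(const char *lockpath)
{
    char tmp[1024], host[256];
    struct stat st;
    int fd, held;

    if (gethostname(host, sizeof host) != 0) strcpy(host, "localhost");
    host[sizeof host - 1] = '\0';
    if (snprintf(tmp, sizeof tmp, "%s.%s.%ld", lockpath, host, (long)getpid())
            >= (int)sizeof tmp)
        return -1;

    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    dprintf(fd, "%ld\n", (long)getpid());   /* who holds it, for operators */
    close(fd);

    (void)link(tmp, lockpath);              /* return value deliberately ignored */
    if (stat(tmp, &st) != 0) { unlink(tmp); return -1; }
    held = (st.st_nlink == 2);
    unlink(tmp);                            /* the lock name keeps the inode alive */
    return held ? 0 : 1;
}

int release_link_lock(const char *lockpath)
{
    return unlink(lockpath) == 0 ? 0 : -1;
}

/* Exercise the protocol in /tmp: the first take succeeds, a second is
 * refused, and after release a re-take succeeds.  Returns 1 when all held. */
int link_lock_selftest(void)
{
    char path[256];
    int first, second, released, third;
    snprintf(path, sizeof path, "/tmp/linklock-demo.%ld", (long)getpid());
    unlink(path);                           /* stale leftover from a crash */
    first = acquire_link_lock(path);
    second = acquire_link_lock(path);
    released = release_link_lock(path);
    third = acquire_link_lock(path);
    release_link_lock(path);
    return first == 0 && second == 1 && released == 0 && third == 0;
}

int main(void)
{
    printf("link lock behaves as expected: %d\n", link_lock_selftest());
    return 0;
}
```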

  9.2.  Passwords

  łȂApX[hR[h͎OŏȂ悤ɂĂB
  Ƀ[JȃAvP[V̏ꍇAʏs[ŨOCF؂ɂ
  Ă܂ĂBAvP[V CGI XNvg̏ꍇAWeb
  T[o[pӂĂhɂ܂ĂBAvP[Vlbg
  [NoRŗp̂̂ȂAŃpX[h𑗂邱Ƃ~߂Ă
  (\Ȃ)BƂ̂̓lbg[N𓐒邱ƂŁAƂȒPɉ
  肳ČŎgĂ܂łBlbg[NŗpȂA
  Ƃ_CWFXgEpX[h̎gplĂ(ڂĂ
  Uɂ͎ア̂łAlbg[N̓ɑ΂Ă͗Lł)

  AvP[VpX[hKvȂAg炷㏑
  Ă܂ĂB΃pX[h鎞ԂZȂ܂B
  Java ł̓pX[hۑĂ̂ String ^gȂ悤ɂĂ
  B String ^͓eύXłȂ^ł(String ^͕sv
  ̈̐ėpȂ㏑łȂdlŁA̎dl
  ܂܂Ǝv܂) ̂ char[] gĕۑĂB̕@
  Ƃɂł㏑ł܂B

  AvP[VŃ[UpX[hݒł̂ȂpX[h
  `FbNāAuK؂ȁvpX[hĂ(ɍڂ
  ȂAȏ̕łAȂ)BK؂ȃpX[h̕t
  ȂA <http://consult.cern.ch/writeup/security/security_3.html>
  Ă͂ǂł傤B
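  An added example (not from the HOWTO) of the two habits above in C: a
  candidate password is copied into a fixed buffer, judged against a small
  policy (minimum length, not in a word list, at least one digit), and
  the buffer is wiped immediately afterwards. The wipe goes through a
  volatile pointer so the compiler cannot drop the overwrite as a dead
  store, which is the C counterpart of the Java char[] advice. The word
  list, the minimum length of 8, and the digit rule are constructed for
  the example; the page itself only names "not in a dictionary" and "a
  minimum length".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* constructed word list; a real deployment would use a full dictionary */
static const char *const WEAK_WORDS[] = { "password", "secret", "letmein", "qwerty" };

enum pw_verdict { PW_OK = 0, PW_TOO_SHORT = 1, PW_IN_DICTIONARY = 2, PW_NO_DIGIT = 3 };

#define PW_MIN_LEN 8

/* Overwrite 'n' bytes with zeros through a volatile pointer so that the
 * stores survive optimisation even though the buffer is never read again. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* 1 if every byte is zero; used to verify that a wipe really happened. */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

enum pw_verdict check_password(const char *pw)
{
    size_t len = strlen(pw);
    if (len < PW_MIN_LEN)
        return PW_TOO_SHORT;
    for (size_t i = 0; i < sizeof WEAK_WORDS / sizeof WEAK_WORDS[0]; i++)
        if (strcmp(pw, WEAK_WORDS[i]) == 0)
            return PW_IN_DICTIONARY;
    int has_digit = 0;
    for (size_t i = 0; i < len; i++)
        if (pw[i] >= '0' && pw[i] <= '9')
            has_digit = 1;
    return has_digit ? PW_OK : PW_NO_DIGIT;
}

/* Copy the candidate into a working buffer, judge it, and wipe the buffer
 * before returning so the password is held for as short a time as possible. */
enum pw_verdict judge_and_wipe(const char *candidate)
{
    char buf[128];
    snprintf(buf, sizeof buf, "%s", candidate);
    enum pw_verdict v = check_password(buf);
    secure_wipe(buf, sizeof buf);
    return v;
}

/* Confirms that secure_wipe leaves nothing of the secret behind. */
int wipe_selftest(void)
{
    char buf[32];
    memcpy(buf, "hunter2", 8);               /* constructed secret */
    secure_wipe(buf, sizeof buf);
    return all_zero((const unsigned char *)buf, sizeof buf);
}

int main(void)
{
    static const char *const samples[] = { "secret", "password", "correcthorse", "c0rrect-horse" };
    for (size_t i = 0; i < 4; i++)
        printf("%-14s -> verdict %d\n", samples[i], (int)judge_and_wipe(samples[i]));
    printf("wipe self-test: %s\n", wipe_selftest() ? "ok" : "FAILED");
    return 0;
}
```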

  9.3.  Random Numbers

  The Linux kernel (1.3.30 and later) contains a random number
  generator. It gathers environmental noise from device drivers and other
  sources into an entropy pool. When accessed as /dev/random, it returns
  random values only within the number of bits of noise estimated to be
  in the entropy pool (when the pool is empty, the call blocks until more
  environmental noise has been collected). When accessed as
  /dev/urandom, it returns as many bytes as are requested even after the
  entropy pool has been exhausted. If you are using the values for
  cryptographic purposes (for example to generate a key), use
  /dev/random. For more detail, see the online manual page random(4) on
  your system.
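  An added example, not from the HOWTO, of reading the kernel random
  device correctly: the read loop handles short reads and EINTR, fails
  cleanly rather than returning a half-filled buffer, and takes the device
  name as a parameter so the caller chooses /dev/random for key material
  and /dev/urandom for values that need not block, as the section
  distinguishes. The function names are the example's own; the self-test
  reads a nonce from /dev/urandom so that it cannot block.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Fill 'buf' with 'n' bytes from 'device'. Returns 0 on success, -1 with
 * errno set on failure; on failure the buffer contents are unspecified
 * and must not be used. */
int read_random_bytes(const char *device, unsigned char *buf, size_t n)
{
    int fd;
    do {
        fd = open(device, O_RDONLY);
    } while (fd < 0 && errno == EINTR);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);   /* may be short */
        if (r < 0) {
            if (errno == EINTR)
                continue;
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (r == 0) {                /* a random device must never hit EOF */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Draw a 16-byte nonce (not a key) from /dev/urandom. Returns 1 if the
 * read succeeded and the bytes are not all identical, which would signal
 * a broken source rather than randomness. */
int urandom_nonce_selftest(void)
{
    unsigned char nonce[16];
    if (read_random_bytes("/dev/urandom", nonce, sizeof nonce) != 0)
        return 0;
    for (size_t i = 1; i < sizeof nonce; i++)
        if (nonce[i] != nonce[0])
            return 1;
    return 0;
}

/* A missing device must fail with -1 and leave the caller's data alone
 * rather than quietly yielding zeros. Returns 1 if it does. */
int missing_device_fails(void)
{
    unsigned char b[4] = { 1, 2, 3, 4 };
    int rc = read_random_bytes("/dev/no-such-random-device", b, sizeof b);
    return rc == -1 && b[0] == 1 && b[3] == 4;
}

int main(void)
{
    unsigned char key[32];
    /* for key material the section says to use /dev/random; it may block */
    if (read_random_bytes("/dev/random", key, sizeof key) == 0)
        printf("read %zu key bytes from /dev/random\n", sizeof key);
    else
        perror("/dev/random");
    printf("urandom nonce self-test: %s\n", urandom_nonce_selftest() ? "ok" : "FAILED");
    return 0;
}
```

  Checking that a read produced something other than a constant byte is
  not a test of randomness; it only catches the gross failure of reading
  from the wrong file, which is cheap insurance for a path that is easy
  to misspell.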

  9.4.  Cryptographic Algorithms and Communication Protocols

  Cryptographic algorithms and communication protocols are often needed
  to keep a system secure, and they are essential when communicating
  over an untrusted network such as the Internet. Where possible, encrypt
  the communication session to prevent session hijacking. Doing so also
  hides authentication information and helps protect privacy.

  Creating cryptographic algorithms and communication protocols is
  extremely difficult, so do not try to build your own. Instead, use only
  protocols that are well known and widely tested: SSL, SSH, IPSec,
  GnuPG/PGP and Kerberos. Also use algorithms that withstand known
  attacks (for example triple DES, where nothing stands in the way of
  using it). Unless you have studied cryptography deeply and know exactly
  what you are doing, you must never design an algorithm of this kind;
  that is work reserved for experts.

  In a related vein, if you have no choice but to develop a communication
  protocol yourself, learn from past mistakes. The classic review of the
  security problems in the TCP/IP protocol suite in Bellovin [1989] will
  help, and so will the analysis by Bruce Schneier [1998] and Mudge of
  Microsoft's PPTP and its flaws.

  Translator's note: Mudge is a leading scientist of the hacker group
  L0pht Heavy Industries (some would call them crackers). He now serves
  as vice president of research and development at @Stake, a company
  providing security-related services.

  A new protocol should be reviewed widely, and wherever possible you
  should use a protocol that is already in wide use instead.

  9.5.  Java

  Some security-related programs on Linux are written in Java or run on
  the Java Virtual Machine (JVM). Writing secure programs in Java is
  covered in detail in Gong [1999]. The key points below are taken from
  Gong [1999]:

  o  Do not use public fields (variables). Declare them private and
     provide accessor methods, so that access to them can be restricted.

  o  Make methods private unless there is a specific reason not to.

  o  Avoid static fields. Such variables belong to the class (not to an
     instance of the class), and any class can be located by any other
     class. As a result, a static variable can be reached by classes that
     have nothing to do with it, which makes it hard to secure.

  o  Never return a mutable object to code that might be malicious (that
     code could change its contents).

  9.6.  PAM

  Most Linux distributions include PAM (Pluggable Authentication
  Modules), a flexible mechanism for authenticating users. In the kernel
  2.2 series it has been adopted by Red Hat Linux, Caldera and Debian,
  and FreeBSD adopted it as of version 3.1. Using PAM, a program can be
  separated from the authentication mechanism itself (password, smart
  card, and so on). When a program calls PAM, PAM checks the
  configuration the local system administrator has set up and
  dynamically loads whatever "authentication modules" are required. If
  you are writing a program that needs authentication (for example one
  that asks for a password), consider using PAM. For details, see the
  Linux-PAM project web site,
  <http://www.kernel.org/pub/linux/libs/pam/index.html>.

  9.7.  Miscellaneous

  Have the program check at least some of its assumptions before it
  relies on them (for example, when the program starts). If you depend
  on the "sticky" bit being set on a directory, for instance, do not take
  that for granted; test that it really is set. Such tests take little
  time and can be a deep line of defence. If you are concerned about the
  time spent testing on every invocation, at least run the test at
  installation time.

  Write an audit log at program start, at session start, and whenever
  something suspicious happens. Information worth recording includes the
  date, the time, uid, euid, gid, egid, the terminal, the process id and
  the command line values. The syslog(3) function is useful for writing
  audit records.

  Have the installation script install the program as safely as
  possible. By default, make every installed file owned by root or some
  other system administration user, and unwritable by other users; that
  way users other than root cannot plant a virus. Do not allow users
  other than root to install the program at all: if there is a place
  where non-root users can install it, a user without root privileges
  can plant a program that a trusting administrator then runs.

  Where possible, do not create programs that are setuid or setgid to
  root. Have the user log in as root instead.

  Digitally sign your code. Users can then check whether what they
  received is what you sent.

  Consider linking secure programs statically. If a secure program does
  not link dynamically, it cannot be attacked through the dynamic library
  linking mechanism.

  When you read through your code, always consider the cases that match
  nothing. What happens in a switch when no case matches? What happens
  when the condition of an "if" is false?

  Make sure that checks are enabled both when the program is compiled
  and when it runs, and leave them on in production. Perl programs
  should enable the warning flag (-w). It warns about constructs that
  could be dangerous, and about code that is hard to read or outdated.
  The taint flag (-T) prevents untrusted input from being used directly
  without some form of filtering. Security-related programs should be
  compiled with all warnings enabled and should compile without
  producing any. For C and C++ compiled with gcc, use at least the
  following compiler flags (and look at the warning messages, examining
  every one):
  gcc -Wall -Wpointer-arith -Wstrict-prototypes

  10.  Conclusion

  Designing and implementing a truly secure program on Linux is
  genuinely difficult. A truly secure program must respond appropriately
  to every input that could be given to it, and to every environment that
  a possibly hostile user controls. This is not a problem unique to
  Linux; developers on other general-purpose operating systems (such as
  Unix and Windows NT) face exactly the same challenge. A developer of a
  secure program must understand the platform in depth, look up and
  apply guidelines (such as this document), establish improvement
  processes (such as audits and reviews), and carry out the work in light
  of the nature of the program itself.

  11.  References

  Note that the emphasis here is on technical material available on the
  web, since that is where most of this kind of technical information is
  found.

  [Al-Herbish 1999] Al-Herbish, Thamer.  1999.  Secure Unix Programming
  FAQ.  <http://www.whitefang.com/sup>.

  [Aleph1 1996] Aleph1.  November 8, 1996.  ``Smashing The Stack For Fun
  And Profit.''  Phrack Magazine.  Issue 49, Article 14.
  <http://www.phrack.com/search.phtml?view&article=p49-14> or
  alternatively <http://www.2600.net/phrack/p49-14.html>.

  [Anonymous unknown] SETUID(7)
  <http://www.homeport.org/~adam/setuid.7.html>.

  [AUSCERT 1996] Australian Computer Emergency Response Team (AUSCERT)
  and O'Reilly.  May 23, 1996 (rev 3C).  A Lab Engineers Check List for
  Writing Secure Unix Code.
  <ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist>

  [Bach 1986] Bach, Maurice J.  1986.  The Design of the Unix Operating
  System.  Englewood Cliffs, NJ: Prentice-Hall, Inc.  ISBN 0-13-201799-7
  025.

  [Bellovin 1989] Bellovin, Steven M.  April 1989.  "Security Problems
  in the TCP/IP Protocol Suite" Computer Communications Review 2:19, pp.
  32-48.  <http://www.research.att.com/~smb/papers/ipext.pdf>

  [Bellovin 1994] Bellovin, Steven M.  December 1994.  Shifting the Odds
  -- Writing (More) Secure Software.  Murray Hill, NJ: AT&T Research.
  <http://www.research.att.com/~smb/talks>

  [Bishop 1996] Bishop, Matt.  May 1996.  ``UNIX Security: Security in
  Programming.''  SANS '96. Washington DC (May 1996).
  <http://olympus.cs.ucdavis.edu/~bishop/secprog.html>

  [Bishop 1997] Bishop, Matt.  October 1997.  ``Writing Safe Privileged
  Programs.''  Network Security 1997 New Orleans, LA.
  <http://olympus.cs.ucdavis.edu/~bishop/secprog.html>

  [CC 1999] The Common Criteria for Information Technology Security
  Evaluation (CC).  August 1999.  Version 2.1.  Technically identical to
  International Standard ISO/IEC 15408:1999.
  <http://csrc.nist.gov/cc/ccv20/ccv2list.htm>

  [CERT 1998] Computer Emergency Response Team (CERT) Coordination
  Center (CERT/CC).  February 13, 1998.  Sanitizing User-Supplied Data
  in CGI Scripts.  CERT Advisory CA-97.25.CGI_metachar.
  <http://www.cert.org/advisories/CA-97.25.CGI_metachar.html>.

  [CMU 1998] Carnegie Mellon University (CMU).  February 13, 1998.
  Version 1.4.  ``How To Remove Meta-characters From User-Supplied Data
  In CGI Scripts.''
  <ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters>.

  [Cowan 1999] Cowan, Crispin, Perry Wagle, Calton Pu, Steve Beattie,
  and Jonathan Walpole.  ``Buffer Overflows: Attacks and Defenses for
  the Vulnerability of the Decade.''  Proceedings of DARPA Information
  Survivability Conference and Expo (DISCEX),
  <http://schafercorp-ballston.com/discex>.  To appear at SANS 2000,
  <http://www.sans.org/newlook/events/sans2000.htm>.  For a copy, see
  <http://immunix.org/documentation.html>.

  [Fenzi 1999] Fenzi, Kevin, and Dave Wrenski.  April 25, 1999.  Linux
  Security HOWTO.  Version 1.0.2.
  <http://www.linuxdoc.org/HOWTO/Security-HOWTO.html>

  [FreeBSD 1999] FreeBSD, Inc.  1999.  ``Secure Programming
  Guidelines.''  FreeBSD Security Information.
  <http://www.freebsd.org/security/security.html>

  [FSF 1998] Free Software Foundation.  December 17, 1999.  Overview of
  the GNU Project.  <http://www.gnu.ai.mit.edu/gnu/gnu-history.html>

  [Galvin 1998a] Galvin, Peter.  April 1998.  ``Designing Secure
  Software''.  Sunworld.
  <http://www.sunworld.com/swol-04-1998/swol-04-security.html>.

  [Galvin 1998b] Galvin, Peter.  August 1998.  ``The Unix Secure
  Programming FAQ''.  Sunworld.
  <http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html>

  [Garfinkel 1996] Garfinkel, Simson and Gene Spafford.  April 1996.
  Practical UNIX & Internet Security, 2nd Edition.  ISBN 1-56592-148-8.
  Sebastopol, CA: O'Reilly & Associates, Inc.
  <http://www.oreilly.com/catalog/puis>

  [Gong 1999] Gong, Li.  June 1999.  Inside Java 2 Platform Security.
  Reading, MA: Addison Wesley Longman, Inc.  ISBN 0-201-31000-7.

  [Gundavaram Unknown] Gundavaram, Shishir, and Tom Christiansen.  Date
  Unknown.  Perl CGI Programming FAQ.
  <http://language.perl.com/CPAN/doc/FAQs/cgi/perl-cgi-faq.html>

  [Kim 1996] Kim, Eugene Eric.  1996.  CGI Developer's Guide.  SAMS.net
  Publishing.  ISBN: 1-57521-087-8 <http://www.eekim.com/pubs/cgibook>

  [McClure 1999] McClure, Stuart, Joel Scambray, and George Kurtz.
  1999.  Hacking Exposed: Network Security Secrets and Solutions.
  Berkeley, CA: Osborne/McGraw-Hill.  ISBN 0-07-212127-0.

  [Miller 1999] Miller, Todd C. and Theo de Raadt.  ``strlcpy and
  strlcat -- Consistent, Safe, String Copy and Concatenation''
  Proceedings of Usenix '99.
  <http://www.usenix.org/events/usenix99/millert.html> and
  <http://www.usenix.org/events/usenix99/full_papers/millert/PACKING_LIST>

  [Mudge 1995] Mudge.  October 20, 1995.  How to write Buffer Overflows.
  l0pht advisories.  <http://www.l0pht.com/advisories/bufero.html>.

  [OSI 1999] Open Source Initiative.  1999.  The Open Source
  Definition.  <http://www.opensource.org/osd.html>.

  [Pfleeger 1997] Pfleeger, Charles P.  1997.  Security in Computing.
  Upper Saddle River, NJ: Prentice-Hall PTR.  ISBN 0-13-337486-6.

  [Phillips 1995] Phillips, Paul.  September 3, 1995.  Safe CGI
  Programming.
  <http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt>

  [Raymond 1997] Raymond, Eric.  1997.  The Cathedral and the Bazaar.
  <http://www.tuxedo.org/~esr/writings/cathedral-bazaar>

  [Raymond 1998] Raymond, Eric.  April 1998.  Homesteading the
  Noosphere.
  <http://www.tuxedo.org/~esr/writings/homesteading/homesteading.html>

  [Ranum 1998] Ranum, Marcus J.  1998.  Security-critical coding for
  programmers - a C and UNIX-centric full-day tutorial.
  <http://www.clark.net/pub/mjr/pubs/pdf/>.

  [RFC 822] August 13, 1982 Standard for the Format of ARPA Internet
  Text Messages.  IETF RFC 822.  <http://www.ietf.org/rfc/rfc0822.txt>.

  [rfp 1999] rain.forest.puppy.  ``Perl CGI problems.''  Phrack
  Magazine.  Issue 55, Article 07.
  <http://www.phrack.com/search.phtml?view&article=p55-7>.

  [Saltzer 1974] Saltzer, J.  July 1974.  ``Protection and the Control
  of Information Sharing in MULTICS.''  Communications of the ACM.  v17
  n7.  pp. 388-402.

  [Saltzer 1975] Saltzer, J., and M. Schroeder.  September 1975.  ``The
  Protection of Information in Computing Systems.''  Proceedings of the
  IEEE.  v63 n9.  pp. 1278-1308.  Summarized in [Pfleeger 1997, 286].

  [Schneier 1998] Schneier, Bruce and Mudge.  November 1998.
  Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)
  Proceedings of the 5th ACM Conference on Communications and Computer
  Security, ACM Press.  <http://www.counterpane.com/pptp.html>.

  [Schneier 1999] Schneier, Bruce.  September 15, 1999.  ``Open Source
  and Security.''  Crypto-Gram.  Counterpane Internet Security, Inc.
  <http://www.counterpane.com/crypto-gram-9909.html>

  [Seifried 1999] Seifried, Kurt.  October 9, 1999.  Linux
  Administrator's Security Guide.  <http://www.securityportal.com/lasg>.

  [Shostack 1999] Shostack, Adam.  June 1, 1999.  Security Code Review
  Guidelines.  <http://www.homeport.org/~adam/review.html>.

  [Sitaker 1999] Sitaker, Kragen.  Feb 26, 1999.  How to Find Security
  Holes <http://www.pobox.com/~kragen/security-holes.html> and
  <http://www.dnaco.net/~kragen/security-holes.html>

  [SSE-CMM 1999] SSE-CMM Project.  April 1999.  System Security
  Engineering Capability Maturity Model (SSE CMM) Model Description
  Document.  Version 2.0.  <http://www.sse-cmm.org>

  [Stein 1999] Stein, Lincoln D.  September 13, 1999.  The World Wide
  Web Security FAQ.  Version 2.0.1.
  <http://www.w3.org/Security/Faq/www-security-faq.html>

  [Thompson 1974] Thompson, K. and D.M. Ritchie.  July 1974.  ``The UNIX
  Time-Sharing System.''  Communications of the ACM Vol. 17, No. 7.  pp.
  365-375.

  [Torvalds 1999] Torvalds, Linus.  February 1999.  ``The Story of the
  Linux Kernel.''  Open Sources: Voices from the Open Source Revolution.
  Edited by Chris DiBona, Mark Stone, and Sam Ockman.  O'Reilly and
  Associates.  ISBN 1565925823.
  <http://www.oreilly.com/catalog/opensources/book/linus.html>

  [Webber 1999] Webber Technical Services.  February 26, 1999.  Writing
  Secure Web Applications.
  <http://www.webbertech.com/tips/web-security.html>.

  [Wood 1985] Wood, Patrick H. and Stephen G. Kochan.  1985.  Unix
  System Security.  Indianapolis, Indiana: Hayden Books.  ISBN
  0-8104-6267-2.

  [Wreski 1998] Wreski, Dave.  August 22, 1998.  Linux Security
  Administrator's Guide.  Version 0.98.
  <http://www.nic.com/~dave/SecurityAdminGuide/index.html>

  12.  Document License

  This document is copyright (C) 1999-2000 David A. Wheeler and is
  covered by the GNU General Public License (GPL). You may redistribute
  it freely. Read the notice below with the word "program" taken to mean
  this document:

      This program is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation; either version 2 of the License, or
      (at your option) any later version.

      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      GNU General Public License for more details.

      You should have received a copy of the GNU General Public License
      along with this program; if not, write to the Free Software
      Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  13.  Acknowledgements for the Japanese Translation

  In producing this translation I received help from the following
  people, to whom I express my thanks here.

  o  쓈

  o  㓡됰

  o  遗썂ꂳ

  o  U

  o  R

  o  (ł̖|QlɂĂ܂)

  o  

