Author: Robert C. Seacord
Audience: Experienced C/C++ Programmers
Reviewer: Mike James
In C we need to keep the security of our code in mind all the time otherwise it can be compromised and form a route into the machine. This book aims to help you fix the problem before it starts.
Security is a bigger problem for lower level languages in that it is generally the programmer's responsibility to make sure that code is secure. C and C++ are particularly prone to programme-induced problems because both languages give you enough freedom to make really big mistakes.
It is worth saying at this point that in this context "security" doesn't mean coding or encryption, but ways in which your code can contain vulnerabilities which can be exploited to take over the machine or to access data or resources that should be out of bounds.
This book is an attempt to make C/C++ programmers more aware of just how vulnerable their code is. Most of the exploits are at the C level because its more direct approach to memory use. C++ is often put forward as the way of solving the problems because it packages the way memory is accessed in a way that makes it safer - as long as you stick to the rules.
There are nine chapters in total and what they deal with is fairly obvious from their titles.
Chapter 1. Running with Scissors - general look at security
Chapter 2. Strings
Chapter 3. Pointer Subterfuge
Chapter 4. Dynamic Memory Management
Chapter 5. Integer Security
Chapter 6. Formatted Output
Chapter 7. Concurrency
Chapter 8. File I/O
Chapter 9. Recommended Practices
Each chapter starts out by explaining the basic functioning of the language. For example in Chapter 2 you are first taught the basics of strings in C and this can be a bit boring if you already know the material. From this point the book moves on to consider how things can go wrong with string handling and how this can result in a memory overrun into the stack. Next the book provides general ideas about how a given vulnerability might be used by an attacker. For example a stack incursion can be used to inject code. The coverage is up-to-date enough to include reasonably recent ideas such as return oriented programming ROP.
As the book goes on you will learn more and more about the inner workings of both C and the operating system. If you don't know what a stack or a heap is then you will by the end of Chapter 2. If you don't know how the C++ manages memory then you will by the end of Chapters 3 and 4.
Chapter 5 introduces the theory and practice of numerical representations an how using say a signed integer as an index can be used against you. Chapter 6 introduces you to the many possible flaws in formatting most of which should be well known. Chapter 7 deals with the less well known topic of how concurrency can be used against you . Most of the discussion however is just as applicable to writing good quality concurrent programs that don't suffer race hazards or deadlock. Chapter 8 looks at file systems, mostly Unix/Posix, and how to work with data in a secure way. The book closes with a look at best practices.
It is shocking that we need such attention to detail to ensure that our C, and to a lesser extent C++, programmers don't commit the sort of errors that have been in circulation for a very long time - but we do. It is also slightly sad that to find a book on the inner workings of things that deals with the material at a practical level we have to be dealing with security issues. It is also worth noting that the assembly language and systems examples are x86 oriented.
This is a very good book and highly recommended as long as you mostly want to know about flaws that arise in C. It doesn't really cover the security implications of working in C++ without ever dropping down to write some pure C.