Convey to your vendors your
concerns about software quality in their products.
Observe the rules presented in the chapter when designing or coding
any software, and especially when writing software that needs extra
privileges or trust, runs SUID or SGID, or provides a network
service.
Don't write your own versions of library functions.
Don't create new network protocols when tested
protocols are available.
Don't invent your own encryption algorithms or
protocols.
Check all arguments to library or system calls. Check return values
from every call.
Think about using chroot for privileged programs.
Avoid storing or transmitting passwords in cleartext in any
application.
Be very cautious about generating and using
"random" numbers.
Include logging facilities in your programs.
Test your programs with random and deliberately malicious input.
Read Chen, Wagner, and Dean's paper on
setuid before writing a SUID program.
