  Secure Programming for Linux HOWTO
  David A. Wheeler, dwheeler@dwheeler.com
  version 1.23, 5 January 2000
  The Linux JF Project
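  version 1.23j, 3 February 2000

  This document is a collection of design and implementation guidelines
  for writing secure programs for Linux systems. Such programs include
  programs used as viewers of remote data, CGI scripts, network servers,
  and setuid/setgid programs.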
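  ______________________________________________________________________

  Table of Contents

  1. Introduction
  2. Background
     2.1 Linux and Open Source Software
     2.2 Security Principles
     2.3 Types of Secure Programs
     2.4 Paranoia is a Virtue
     2.5 Sources of Design and Implementation Guidelines
     2.6 Document Conventions

  3. Summary of Linux Security Features
     3.1 Processes
        3.1.1 Process Attributes
        3.1.2 POSIX Capabilities
        3.1.3 Process Creation and Manipulation
     3.2 Filesystem
        3.2.1 Filesystem Object Attributes
        3.2.2 Creation Time Initial Values
        3.2.3 Changing Access Control Attributes
        3.2.4 Using Access Control Attributes
        3.2.5 Filesystem Hierarchy
     3.3 System V IPC
     3.4 Sockets and Network Connections
     3.5 Quotas and Resource Limits
     3.6 Audit
     3.7 PAM

  4. Validate All Input
     4.1 Command Line
     4.2 Environment Variables
     4.3 File Descriptors
     4.4 File Contents
     4.5 CGI Inputs
     4.6 Other Inputs
     4.7 Limit Valid Input Time and Load Level

  5. Avoid Buffer Overflow
     5.1 Dangers in C/C++
     5.2 Library Solutions (C/C++)
     5.3 Compilation Solutions (C/C++)
     5.4 Using Other Languages

  6. Structure Program Internals and Approach
     6.1 Secure the Interface
     6.2 Minimize Permissions
     6.3 Use Safe Defaults
     6.4 Fail Open
     6.5 Avoid Race Conditions
     6.6 Trust Only Trustworthy Channels
     6.7 Use Internal Consistency-Checking Code
     6.8 Self-limit Resources

  7. Carefully Call Out to Other Resources
     7.1 Limit Call-outs to Valid Values
     7.2 Check All System Call Returns

  8. Send Information Back Judiciously
     8.1 Minimize Feedback
     8.2 Handle Full or Unresponsive Output

  9. Special Topics
     9.1 Locking
     9.2 Passwords
     9.3 Random Numbers
     9.4 Cryptographic Algorithms and Protocols
     9.5 Java
     9.6 PAM
     9.7 Miscellaneous

  10. Conclusions
  11. References
  12. Document License
  13. About the Japanese Translation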

  ______________________________________________________________________

  1.  Introduction

  ̘_́CSȃvO Linux VXepɏ߂̐݌vƎ
  ̃KChCW߂̂łD̘_̖ړIłuSȃvO
  vƂ́CSȈʒuƂłȂʒuƂ̋EɒuCƂ͓
  ĂȂ\[X̓͂vÔƂłD
  YvOɂ́C[gf[^̃r[AƂĎgvO
  CCGI XNvgClbg[NT[oCsetuid/setgid Ďgpv
  OD{_Ő錴̑ Linux J[lɂĂ
  ܂邪C̘_ł̓J[l̂̂̏Cɂ͐GȂD̘_ŏq
  KChĆCSȃvO@Ɋւ邳܂܂ȏ񂩂
  uw񂾋Pv̂܂Ƃ߂Ƃč쐬(M҂ӌ)C傫
  ȌƂĐĂD

  ̘_͕ۏ؊C\tgEFAGWjAO̍HCiۏ؂̃Av
  [`͈ȂD͏dvȖł邪C̏ꏊōLc_
  D̂悤Ȋɂ̓eXgCsAr[C\ǗC`I@
  ܂DɃZLeBɊւJۏ؊̂Ƃ
  ́CCommon Criteria [CC 1999], System Security Engineering Capability
  Maturity Model [SSE-CMM 1999] DʓIȃ\tgEFAGWj
  AO@vZX Software Engineering Institute's Capability
  Maturity Model for Software (SE-CMM), ISO 9000 ( ISO 9001, ISO
  9001-3), ISO 12207 ̕Œ`ĂD

  ̘_́C^ꂽŃVXe(邢̓lbg[N)SƂȂ
  悤ɐݒ肷@ɂĂ͋c_ȂD̃vOSɎg
  @dvȂƂ͖炩CSȐݒɂĂ͔ɑ̕ŋc_
  ĂDLinux VXëSȐݒɊւ Fenzi [1999],
  Seifried [1999], Wreski [1998] ܂ޑɓn镶łD

  ̘_ł́Cǎ҂̓ZLeBɊւʓIȒmCUNIX I OS ̃Z
  LeBfCC ̒mĂ̂ƂD܂CZL
  eBɑ΂ Linux ̃vO~OfɊւmĂ
  D

  ̘_̏́C Linux Documentation Project (LDP,
  <http://www.linuxdoc.org>) ɗeՂɉ悤ɈӐ}Đ`Ă
  D̘_̃IWi <http://www.dwheeler.com> łD

  ̘_ David A. Wheeler ̒앨ł((C) 1999 David A.
  Wheeler)C GNU General Public License (GPL) ɂی삳Dڂ
  Ō̐߂QƂ邱ƁD

  ̘_ł́C܂ Linux ƃZLeBɊւwiIȒmc_
  D̐߂ł Linux ̈ʓIȃZLeBf̉ƂāCvZ
  XCt@CVXeIuWFNg̃ZLeBɊւ鑮Ƒ̊T
  vD̎ɖ{_̎łCLinux VXeŃAvP[
  VJۂ̐݌vƎ̃KChCqׂD̐́CS
  ̓͂̌؁Cobt@I[o[t[̉CvO̓ѓ
  ̍\CO\[X̐TdȌĂяoC̐TdȕԑCēȘb
  Ɋւ(̎擾@Ȃ)ɕDčŌɌ_ƎQl
  qׂĘ_̌тƂD

  2.  Background

  2.1.  Linux and Open Source Software

  1984 N Richard Stallman  Free Software Foundation (FSF) 
  GNU vWFNgJnD̃vWFNg̓t[Ȕł UNIX OS 
  낤Ƃ̂łDStallman ́ut[vƂtɂāCR
  ɎgCǂ݁CύXCĔzzł\tgEFA\ƂD 1991 N
   Linux Torvalds  OS ̃J[l̊Jn߂DLinus ͂
  uLinuxvƖt[Torvalds 1999]D̃J[l FSF ̃c[Q⑼
  ̕iXƑgݍ킹邱ƂłCRɔzz\ŁCɖ𗧂
  OS D̘_ł̓J[l{̂uLinux J[lvƌĂсCgݍ
  킹čꂽŜ̂̂uLinuxvƌĂԂƂɂ(̑gݍł
  CGNU/Linux Ƃtgꍇ)D

  FXȑgDɂāCp\ȕiXFXȌ`őgݍ킹ĂD
  ꂼ̑gݍ킹ufBXgr[VvƌĂсCfBXgr[
  VJĂgDufBXgr[^vƌĂԁDLȃfBXg
  r[Vɂ RedHat, Mandrake, SuSE, Caldera, Corel, Debian 
  D̘_͓̃fBXgr[VɈˑȂD̘_ŉ
  肷̂́CJ[l̃o[W 2.2 ȍ~ł邱ƂƁCC Cu
   glic 2.1 ȍ~ł邱ƂłD̉́C݂̎v Linux fB
  Xgr[Vɑ΂Ă͊{IɗLłD

  ̂悤ȁut[\tgEFAvւ̒ڂ܂ƂƂɁCt[\tg
  EFA`CKv܂ĂDLpĂp
  uI[v\[X\tgEFAvłC̒` [OSI 1999] ŏڂq
  ׂĂD Eric Raymond [1997, 1998] ̓t[\tgEFÅJv
  ZXl@͂C傫ȉe^D

  Linux  UNIX ̃\[XR[hgĂȂCLinux ̃C^tF[X
  Ӑ}I UNIX ɎĂDāCUNIX ̋P Linux ɂĂ
  ܂C̓ZLeBɂĂD̘_ɏĂ
  ́Cۂɂ͂ǂ̂悤 UNIX I OS ɂĂ͂܂邪CLinux ̗p
   Linux ̋@\𐶂悤ɂ邽߁C Linux ŗL̏Ӑ}Iɉ
  ĂD̘_͈Ώۂi邽߁CӐ}I Linux ɏœ_
  ĂĂDSĂ UNIX I OS ƈڐA̖⑼ OS ̋@\̖
  ւĂ邪CȂƂ̘_傫Ȃ肷Ă܂ł
  D

  Linux  UNIX Ɏčꂽ̂Ȃ̂ŁCUNIX ̃ZLeB@\
  ĂD̋@\Ɋ܂܂̂́CevZXɑ΂郆[U ID  O
  [v ID (uid  gid)Ct@CVXe̓ǂݎ//s([
  U/O[v/Ŝɑ΂) p[~bVCSystem V ̃vZXԒ
  M(IPC)C\Pbgx[X IPC(lbg[NʐM܂)łD UNIX
  VXeɊւʓIȒmɂĂ Thompson [1974]  Bach [1986]
  QƂ邱ƁD̕ł͊{IȃZLeB@\ɂĂq
  ĂD 3 ͂ł́CLinux ŏdvȃZLeB@\TD

  2.2.  Security Principles

  ZLeBɊւēłׂʓIȌ͐D
  [Pfleeger 1997] ̃Rs[^ZLeBɊւ鋳ȏǂނƁD

  Saltzer [1974]  Saltzer  Schroeder [1975] ́CSȖhVXe
  ̐݌v̌ƂĈȉ̍ڂĂD̍ڂ݂͌łȂ
  Lł:

  o  ł邾邱ƁDꂼ̃[UƃvÓC
     菬gē삷ׂłD΁CU
     Ƃ̔Qŏɗ}邱ƂłD

  o  @\oϓIł邱ƁDhVXe͏CPɁCfɐ݌v
     ׂłD

  o  I[vȐ݌vł邱ƁDh@\́uU҂@\̎dg݂m
     ƁvĂɂĂ͂ȂȂDtɖh@\̂̂̓e͌J
     ĂׂŁC@\̈S̓pX[hCrI (e
     ՂɕύX\)vfɈˑׂłD΁C̑O҂
     ؂󂯂邱Ƃ\ƂȂD Bruce Schneier ́CZp҂́uZ
     LeBɊւ邱Ƃ͑SăI[v\[XR[hɗׂvł
     ƎwEĂDނ͂܂CI[v\[XR[h͑̐lɌ{
     邱Ƃ〈͑Sĉ邱Ƃm߂Ă[Schneier
     1999]D

  o  SɒsƁDlANZX@͑Să`FbNȂ
     ȂȂD`FbN@\͉łȂ悤ɔzu邱ƁDႦ΁CN
     CAg-T[ofɂẮCʓIɂ̓T[o͑SẴANZX
     `FbNȂ΂ȂȂDȂȂC[U͉ɂƎ
     NCAg邱Ƃł邩łD

  o  ֎~{̑ԓxƂ邱ƁDftHg̓ł̓T[rXۂ
     łD

  o  𕪗邱ƁDzIɂ́CIuWFNgւ̃ANZX͕̏
     ɊÂčsׂłD΁C̖h@\jĂ
     SȃANZXƂ͂ȂD

  o  ʂĎ@\ŏɂ邱ƁDLĂIuWFNg͏
     񗬏ǒoHƂȂ댯ĂDāCIuWFNg͕
     Iɂ_IɂׂłD

  o  g₷ƁDg₷@\̓[UɔɂD

  2.3.  Types of Secure Programs

  SɂKvvO(̘_ł̒`ɊÂ)͑ɓnD
  ȉł͈ʓIȎނqׂ:

  o  [g̃f[^̃r[AƂĎgAvP[VvO
     Dr[AƂĎgvO([hvZbT≽炩̃tH
     [}bg̃t@C̃r[A)́C[g̐MłȂ[U瑗
     ꂽf[^\悤ɋ߂邱Ƃ΂΂ (̗v
     ̓EFuuEUIɍsƂ)D炩ȂƂCM
     Ȃ[U̓͂ɑ΂ăAvP[VCӂ̃vO
     s邱Ƃ͋ׂłȂD}N(f[^\鎞
     Ɏs)ɑΉ邱Ƃʂ͌Ƃ͌ȂD}N
     ΉȂ΂ȂȂꍇ́CSȍ (sandbox) (GG[
     Ώ̍Ƃs)pӂȂ΂ȂȂD [ : Ƃ́Cyb
     grƂɎgꂽ̂ƁD̈ybgɑe
     ĂOɂ͉eoȂ悤ɁC̈vO
     ĂeoȂƂӖD ] obt@I[o[t[̂悤Ȗ
     (q)ɂ͒ӂ邱ƁDobt@I[o[t[NƁCM
     Ȃ[Ur[AoRŔCӂ̃vOsłĂ܂
     D

  o  VXeǗ(root)gAvP[VvOD̎̃v
     ÓCVXeǗ҂łȂ[UύXłMpׂ
     ȂD

  o  [J̃T[o(f[ƂĂ΂)D

  o  lbg[Np\ȃT[o(lbg[Nf[ƌĂ΂邱Ƃ
     )D

  o  CGI XNvgD CGI XNvg̓lbg[Np\ȃT[o̓
     ȃP[Xł邪CɈʓIȂ̂œƎɕނɂĂD CGI X
     Nvg̓EFuT[ooRŊԐړIɌĂяoDEFuT[o͈
     ̍Ur邪CłȂ CGI XNvgőΏȂ
     ȂȂUcĂD
  o  setuid/setgid vOD̂悤ȃvO̓[J̃
     [UɋNCNɃvȌL҂⏊LO[v̌
     𓾂DFXȗRɂCsetuid/setgid vO͈S
     ̂ɍȃvOłDȂȂC͂̑啔M
     łȂ[U̐̉ɂC͂̈ꕔ͖炩łȂ
     łD

  ̘_ł͂炢̎ނ̖̏Wɂ܂Ƃ߂D̃Av
  [`̌_́CŎwEꂽ̈ꕔ͕KSĂ̎ނ̖
  ͓Ă͂܂ȂƂłD setuid/setgid vOɂ͑
  ̋悤Ȗ肪邽߁C̘_ŏqׂKChĈ
  setuid/setgid vOɂĂ͂܂ȂDYɕނ
  Ƃ͓DȂȂCvOɂĂ͕̗̈ɂ܂邱Ƃ
  邩ł(Ⴆ΁CCGI XNvg setuid/setgid 邱Ƃ
  Cľʂ悤ɐݒ肳邱Ƃ)DSĂ̎ނ̖
  ܂Ƃ߂đ邱Ƃ̗_́CvOɊԈނ𓖂Ă͂߂
  ƂȂɑSĂ̖ł邱ƂłDȉɏqׂ悤ɁC
  ͈SɂKvSẴvOɓKpłD

  ̘_̑啔ł́C C ŏvOɑ΂Öق̕ΌD
   C++, Perl, Python, Ada95, Java Ƃ̃vOɂ
  CLqĂD̗ŔCLinux ňSȃvO
  ߂̂ƂʓIȌꂪ C ł( CGI XNvg͏
  D̕ł Perl 悭g)C̑̌̎ C Cu
  ĂяołDC C SȃvO
  IɁułKvłƌĂ킯ł͂ȂD܂C̘_
  ̂قƂǂ͎gpvO~OɊ֌WȂKpł
  D

  2.4.  Paranoia is a Virtue

  SȃvOōł̂́Ĉ悤ȃvO
  ɂ͕iƂ͈S\KvƂȂ_łDZ΁u_oȐS\
  vKvƂȂD̗ŔCԈႢ(ׁCoOƂĂ΂)炷
  e傫قȂ邩łD

  ʂ̈SłȂvOɂ͑̃G[DG[͖]
  ܂̂ł͂ȂCʂ͋HŖőɋNȂɂ̂ŁC[U
  oOɏoĂČ̓oOȂc[g邾낤D

  SȃvOł͏󋵂͋tɂȂDꕔ̃[U͋HŖőɋNȂ
  ̈ӂɒToċNCF߂ĂȂ̍Uɂē
  悤ƂDāCSɂׂvOۂɂ́C_oȂ
  ͗ǂƂłD

  2.5.  Sources of Design and Implementation Guidelines

  ̕ňSȃvȌ(邢͊ƁC̃v
  OZLeB̖o@)ĂC
  ̘_łqׂKChC̊{IȓeĂD

  ʖړĨT[o setuid/setgid ꂽvOɂẮCdv
  ȕ񂠂(C̈ꕔ͂ǂňpĂȂΒT
  ̂ł)D AUSCERT ̓vO~Ô߂̃`FbNXgo
  Ă[AUSCERT 1996]D Garfinkel  Spafford ɂ镶 22
  ͂̈ꕔ́CS SUID ƃlbg[NvȌɊւc_
  ɂĂ[Garfinkel 1996]D Matt Bishop [1996, 1997] ͂̕ɂ
  ɏdvȘ_̍쐬Ɣ\sĂD Galvin [1998a] ͈S
  vOJ邽߂̒PȃvZXƃ`FbNXgqׂĂ
  DGalvin ͌ Galvin [1998b] ł̃`FbNXgVĂ
  D Sitaker [1999] ́uLinux security audit(Linux ZLeBč)v
  `[ׂׂڂ̈ꗗ𔭕\ĂD Shostack [1999] ̓ZL
  eBdvR[ĥ߂̃`FbNXgƎɒ`ĂD
  Secure Unix Programming FAQ 𗧂m邾낤 [Al-
  Herbish 1999]D𗧂 Ranum [1998] D
  Ă邱Ƃ̒ɂ͒ӂĈȂ΂ȂȂ̂DႦ
  ΁Caccess(3) ɒʏ푶݂댯ȋԂɐGꂸ access(3) ̎gp
  𐄏Ă [s] 悤ȐlD Wood [1985] ͂̗Lv
  AhoCXuSecurity for Programmersv̏͂ŏqׂĂDC
  eI͌ÂȂĂD Bellovin [1994]  FreeBSD [1999] ɂ𗧂
  KChC܂܂ĂD

  ̕ŁCEFuƂ̃C^tF[XƂȂ CGI (Common Gateway
  Interface) pvÔ߂̃ZLeBɊւKChC
  ^ĂD̂悤ȕƂĂ Gundavaram [unknown], Kim
  [1996], Phillips [1995], Stein [1999], Webber [1999] D

  ̘_́Cɖ𗧂ƕM҂lKChĈ܂Ƃ߂̂ł
  DāCSẲ\ԗKChCł͂ȂD̘_
  \͕MғƎ̂̂ł(eXg͂ꂼƎ̈قȂ\
  )CLinux p̃KChC(: P[preB fsuid l) M
  Ǝ̂̂łDOq̎QlSēǂނƂ߂D

  ŁuǂĒPɑ̕Љ邾łȂœƎ̕
  ̂?vƂ^邩ȂDɑ΂铚͈ȉł
  :

  o  ̏̑UĂDdvȏЂƂ̂܂Ƃ܂
     ɂĂΎg₷D

  o  ̈ꕔ̏̓vO}łȂCVXeǗ҂⃆[U
     ɏĂD

  o  ꕔ̏ Linux Ɋ֌WȂDႦ΁C̃`FbNXg
     setuid ꂽVFXNvgɑ΂xsĂ邪CLinux ͂
     ̂悤ȃVFXNvgʏ͋ĂȂ̂ŁC߂Čx
     KvȂD

  o  ł̑́C̍\ӎĂ(SĂ
     UNIX I OS ŗpł悤ɍĂ)Dl Linux
     ŗL̋Zp邱Ƃ͐CLinux ŗL̋ZpgΎۂɃZ
     LeB̌ɖ𗧂ꍇD Linux ȊO OS ւ̉{
     ]܂ꍇłĂCLinux ł Linux ŗL̋@\g
     Ƃ邾낤D

  o  Linux ɓAv[`͒̂ł͂ȂD OS (FreeBSD
     )łCƎ̃ZLeB֘ÃvO~OKChD

  2.6.  Document Conventions

  VXẽ}jAy[Ẃu(ԍ)v̌`ŎQƂDŔԍ
  ̓}jÃZNVԍłD C  C++ ͕ '\0' (ASCII  0)
  ʈ̂ŁC̘_ł͂̒l NIL ƏƂɂDuǂ
  wȂvƂӖ|C^l NULL ƌĂԁD̊ C R
  pC͐l 0 l NULL ɕϊ邪CC ̕WKiɂ́C
  ɑSẴrbg 0 łlƂ NULL 邱Ƃ߂K͂
  D

  3.  Summary of Linux Security Features

  Linux ̃ZLeB@\̎g̃KChCOɁCvO
  }̊ϓ_炱̋@\ɂĒmĂƖɗƎvD̐
  ł Linux ̃ZLeB@\ȒPɐD̋@\ɂĊ
  ɗĂȂC̐߂ɐił\ȂD

  ̃vO~OKCh́CLinux ̃ZLeB֘A̕؂l
  ߁Cdvȏ΂ĂDɂ̂悤ȃKChł́Ćug
  v̈ʓIȓe͐Ă邪C̎gɉe^ZL
  eBɂĂ͑̍قĂȂƂD̋tɁC}jA
  y[Wɂ͌X̊֐ɂĂ̏ڂ񂪍ڂĂ邪C}jAy[
  Wł͉XɂĐX̒ɖ؂Ă܂ƂɂȂD̐߂ł͂
  Mbv̋n݂D܂CvO}gƎv Linux 
  ZLeB@\̊TvD̐߂ł Linux ̃ZLeB֘A
  ɓɒڂāCʂ̃vO~OKCh[bC
  Ăɏڂ񂪓悤ɎQlЉD UNIX ̃vO
  }ɂ͓݂镪삾Ǝv邪CLinux ɂg Linux 
  L̎̂ŋƂ邩ȂD̐߂ł͂̂悤ȑ
  _ł邾qׂ邱ƂɂD

  ܂͊bD Linux ͊{I 2 ̕ɕDȂ
   Linux J[l (J[lW[܂)Ɓu[UԁvłD
  [UԂ̓J[l̏ɂAlXȃvOœ삷D[U
  OCƁC̃[U͂̃[UuUID(user id ̈
  )vƁuGID(group id ̈Ӗ)v\lɊ蓖ĂD UID 0 
  Ȍ()[UŁC`IɁurootvƌĂ΂D̃[U
  ͂قƂǂ̃ZLeB`FbNz邱ƂłCVXeǗ̂
  ɗpDvZX̓ZLeB̓_猩ƗB́úvł
  (܂CvZXANeBuȃIuWFNgł)DvZX͗l
  Xȃf[^IuWFNgCɃt@CVXeIuWFNg (FSO,
  filesystem object)CSystem V vZXԒʐM(IPC)IuWFNgClbg
  [NIuWFNgɃANZXłDȍ~̐߂ł͂ڂ
  D

  3.1.  Processes

  Linux ł́C[Ux̓̓vZX̎sƂĎĂD
  ̃VXe͕ꂽuXbhvT|[gĂDLinux ł́C
  ̃Xbh̃vZXpĎĂ邱Ƃ(̏
  CLinux J[l̓Xbhx̑x𓾂邽߂̍œKs
  )D

  3.1.1.  Process Attributes

  SẴvZX̓ZLeB֘Ȃ̏WĂDȉ
  :

  o  RUID, RGID -  UID ю GIDD̓vZXs[U
     D

  o  EUID, EGID -  UID Ǝ GIDD`FbN̂߂̃[U(t@C
     VXě`FbN͏)D

  o  FSUID, FSGID - t@CVXẽANZX`FbNɎg UID 
     GIDDʂ FSUID  EUID ͓łCFSGID  EGID ͓ł
     D Linux ŗL̑łD

  o  SUID, SGID - ۑ UID ƕۑ GIDDp[~bV́uI/Itv̐
     ւT|[g邽߂ɎgDڂ͌qD

  o  groups - [UĂO[v(GID)̃XgD

  o  umask - Vt@CVXeIuWFNgۂ̃ftHg̃A
     NZX̐ݒ߂rbg̏WDumask(2) QƂ邱ƁD

  o  XPW[Opp[^ - evZX̓XPW[Õ|V
     [ĂCftHg̃|V[ SCHED_OTHER ɂȂĂv
     ZX nice lCDx(priority)CJE^ĂDڂ
     sched_setscheduler(2) QƂ邱ƁD

  o  P[preB - POSIX ̃P[preBDۂɂ̓vZXɂ 3
     g̃P[preBDȂ킿P[preBCp\P[
     preBCP[preBłD POSIX P[preBɊւ
     ڂ͌qD

  o  limit l - vZXƂ̃\[X̐(q)D

  o  t@CVXẽ[g - vZX[gt@CVXeƍl
     ꏊDchroot(2) QƁD

  ǂ̑ꂼ̃vZXɊ֘AĂ̂𐳊mɒmKv{
  ΁CLinux ̃\[XR[h𒲂ׂ邱ƁD include/linux/sched.h
  ł task_struct 𒲂ׂƂ悢D

  3.1.2.  POSIX Capabilities

  Linux o[W 2.2 ŁuPOSIX P[preBv̓T|[gǉ
  ꂽDPOSIX P[preB́Cʏ root Ă錠Cׂ
  ̌ɕƂ@\ɑΉD POSIX P[preB
  IEEE W̃htgŒ`ĂDāC Linux ŗL̋@
  \ł͂ȂC UNIX IVXeł͂܂T|[gĂȂD
  Linux ̕(̘_܂)Ɂuroot ̌KvƂvƏĂ
  قƂǑSĂ̏ꍇ́Cۂɂ́uP[preBKvƂvƂ
  łD̓P[preBɊւ镶ɏĂDKvƂĂ
  ̃P[preBɂĒmKv΁CP[preBɊւ
  Œׂ邱ƁD

  ŏIIɂ́Ct@CVXẽt@CɃP[preB蓖ĉ\
  ɂ邱ƂڎwĂ邪C̘_̎M_ł́C̋@\ɂ͂܂
  ΉĂȂDP[preB̓]@\ɂ͑ΉĂ邪C̋@\
  ftHgŖɂĂD Linux ̃o[W 2.2.11 ɂ́CP[p
  reB蒼ړIɎg₷@\ǉꂽD̋@\́uP[
  preBEW(capability bounding set)vƌĂ΂DP[pr
  eBEẂCVXȇSẴvZXƂĂP[
  preB̃Xgł(ĂȂP[preB́C init
  vZXĂ)DP[preBEXgɍڂĂȂꍇ
  ́CĂ邩ǂɊ֌WȂCǂȃvZX̃P[pr
  eBgpłȂD̋@\͗Ⴆ΁CJ[lW[̓ǂݍ݂
  ɂƂɎgD̋@\𐶂c[̗ƂẮCLCAP (
  <http://pweb.netcom.com/~spoon/lcap/>) D

  POSIX P[preBɊւڂ
  <ftp://linux.kernel.org/pub/linux/libs/security/linux-privs> œ
  D

  3.1.3.  Process Creation and Manipulation

  vZX̐ɂ́C fork(2), gp߂Ȃ vfork(2)C
  Linux ŗL clone(2) gD̃VXeR[SẮCɂ
  vZX𕡐C2 ̃vZX쐬DvZX execve(2) Ƃ
  ̊etgGh(Ⴆ exec(3), system(3), and popen(3) Q)
  ĂяoƂɂĕʂ̃vOsłD

  vOsꂽɂ̃t@C setuid rbg setgid rbg
  ĂƁC̃vZX EUID (setuid ̏ꍇ)܂ EGID (setgid
  ̏ꍇ)t@C̒lɐݒ肳D Linux ł́CVFXNvg̕
  ʂ̃XNvgł͂̂悤ȑ͍sȂ_ɒӂ邱ƁD̑
  XNvgɑ΂čŝ̓ZLeBIȊ댯邩ł
  ( UNIX I OS ɂ setuid VFXNvgɑΉĂ
  )DOIɁCPerl ł setuid  Perl XNvgɑΉݒ
  sD

  ꍇɂẮCvZX͂܂܂ UID l GID lɉeyڂ
  łDsetuid(2), seteuid(2), setreuid(2), setfsuid(2) QƂ邱
  ƁD SUID ́CMvOꎞI UID ؑւ邱
  D RUID ύXꂽꍇC܂ EUID  RUID ƈقȂlݒ肳
  ꂽꍇɂ́CSUID ɂ͐V EUID ݒ肳DȂ[U
  ́C SUID 玩 EUID C RUID  EUID CEUID  RUID
  ݒłD

  FSUID vZX́CNFS T[õvOɑ΂C UID ̌
  t@CVXe֌Ŵ̂Ɍċ邽߂̂̂łB UID
  ŃvZXɃVOi𑗂邱Ƃ͂łȂB EUID ύX
  ƁCFSUID ͕KVlɕύXD܂C FSUID l  setfsuid(2)
  (Linux ŗL̃VXeR[)gȂĂςꍇD root ȊO
  ̌Ăяoł́CFSUID ɂ݂͌ RUID l, EUID l, SEUID l, 
  ݂͌ FSUID lݒłȂD

  3.2.  Filesystem

  t@CVXeIuWFNg(FSO)͒ʏt@CCfBNgCV{
  bNNCOtpCv(FIFO)C\PbgCLN^(foC
  X)t@CCubN(foCX)t@Ĉł悢(̃Xg
   find(1) R}hŕ\)Dt@CVXeIuWFNg̓t@C
  VXeɏW߂Dt@CVXe͐eƂȂt@CVXe
  ̃fBNgɃ}Eg/A}EgłDt@CVXe̓t@C
  ƏقȂANZX䑮CANZX̓}EgɑI
  IvV̉e󂯂D

  3.2.1.  Filesystem Object Attributes

   ext2  Linux VXeōł悭gĂt@CVXeł
  Dext2 t@CVXe͊et@CVXeIuWFNgɑ΂Ĉȉ
  ̑T|[gĂ:

  o  L UID  GID - ̓t@CVXeIuWFNǵuLҁv
     肷Dɕ⑫ȂCANZX䑮ύXł̂͏L
     ҂ root łD

  o  [U(L)CO[vC̑̃[Uɑ΂ǂݎC
     ݁CsrbgDʏt@C̏ꍇ́CǂݎC݁Cs͌
     tʂ̈ӖDfBNg̏ꍇCuǂݎvp[~bV
     ̓fBNg̓e\邽߂ɕKvł邪Cɑ΂āu
     svp[~bV́uvp[~bVƌĂ΂邱ƂC
     ۂɂ̃fBNgɓĂ̓eg߂ɕKvƂȂDfB
     Ng̏ꍇCu݁vp[~bV͂̃fBNgł
     t@C̒ǉC폜Ct@CύXDt@C̒ǉ
     Όq sticky rbgݒ肷邱ƁDV{bN
     Ñp[~bVl͑SgȂ_ɒӂ邱ƁD܂C
     Ŵ̓V{bNNuĂfBNgƃN
     ̃t@C̃p[~bVlłD

  o  ``sticky'' rbg - sticky rbgfBNgɐݒ肳ƁC
     unlink(폜)s郆[U root, t@C̏LҁCfBNg
     L҂ɐD UNIX ŔɈʓIɎgĂg
     @\łCʃ[ŨrbgݒłDÂo[W
     UNIX ł͂uvOeLXgۑvrbgĂłC(X
     bvAEgȂ)ゾŎsׂst@C
     ɎgĂCLinux ̉zǗ@\ɂĈ͎
     xɂȂD

  o  setuid, setgid - st@Cɐݒ肷ƁC̃t@Csv
     ZX̎ UID Ǝ GID  (ꂼ)t@C̏L҂ UID 
     GID ƂȂDSĂ UNIX I OS ͂̋@\T|[gĂD setgid
     fBNgɐݒ肳ƁC̃fBNgō쐬ꂽt@C
      GID ͎IɃfBNg GID ɍĐݒ肳Dǂ̎s
     Ȃt@C setgid ݒ肷ƁC̃t@CANZX
     ĂԂ͋IɃbN悤ɂȂ(C}EgĂ
     t@CVXebNT|[gĂꍇ)D̋@\̕
     ͋قǍCUNIX I OS ōLgĂ킯ł͂ȂD

  o  ^CX^v - ANZXƏC͑SẴt@CVXeIu
     WFNgɂĕۑDCL҂͂̎Rɐݒ肷
     邱Ƃł̂(touch(1)Q)C̏MɂĂ
     ӂ邱ƁDSĂ UNIX I OS ͂̋@\T|[gĂD

  o  sσrbg(immutable bit) - t@CVXeIuWFNgɑ΂
     ؂̕ύX֎~łD̃rbg̐ݒƉŝ root 
     łD̋@\T|[gĂ̂ ext2 t@CVXe
     CSĂ UNIX VXe(邢͑SĂ Linux pt@CVXe
     ł)Lg킯ł͂ȂD

  o  ǉrbg - t@CVXeIuWFNgɒǉ݂̂
     D̃rbg̐ݒƉŝ root łD̋@\
     T|[gĂ̂ ext2 t@CVXełCSĂ UNIX
     VXe(邢͑SĂ Linux pt@CVXeł)Lg
     킯ł͂ȂD

  ȏ̒l̑̓}Egɉe󂯂D܂CႦ΁C (fBA
  ɕێĂlɊ֌WȂ)rbg̒lĂ邩̂
  Ɉ邱ƂDڂɂĂ mount(1) QƂ邱ƁD
  t@CVXeɂẮCꕔ̃ANZXlT|[gĂȂ
  ƂDJԂɂȂ邪̂悤ȃt@CVXëɂĂ
  mount(1)QƂ邱ƁD

  ANZX䃊Xg(ACL, access control list) POSIX P[preBl
  t@CVXeɒǉƂݍsĂ邪C̋@\͕
   Linux 2.2 ɂ͓ĂȂD

  3.2.2.  Creation Time Initial Values

  t@CVXeIuWFNg̐ɂ͈ȉ̋KKpDt@C
  VXeIuWFNg(FSO)(Ⴆ creat(2) g)ꂽ
  C FSO  UID ɂ́CFSO 𐶐vZX FSUID ݒ肳
  Dʂ FSO  GID ɂ́CFSO 𐶐vZX FSGID ݒ肳
  邪CFSO fBNg setgid rbgݒ肳Ăꍇ
  Ct@CVXéuGRPIDvtOݒ肳Ăꍇɂ́C FSO 
  GID ɂ͂̃fBNg GID ݒ肳D̓ȃP[Xg
  uvWFNgvfBNgɑΉłD܂CuvWFNgvp
  fBNgC̃vWFNĝ߂̐p̃O[vC
  O[vLvWFNĝ߂̃fBNgĂC
  fBNg setgid ݒ肷DƁC̃fBNgɍ쐬ꂽ
  t@C͎IɃvWFNĝ̂ƂȂDlɁCsetgid rbg
  肳Ă(ăt@CVXe GRPID ݒ肳ĂȂ)fB
  NgɐVTufBNgƁC̃TufBNg
  setgid rbgݒ肳(āCvWFNg̃TufBNg
  uv삷)DȊȌꍇɂ͑SāCVt@C setgid
  rbg̓NAD FSO ̊{IȃANZXl(ǂݎC
  ݁Cs) (vꂽl & ~ vZX umask l)ɂċ߂D
  Vt@CꂽƂ́Csticky rbg setuid rbg͕KN
  AꂽԂɂȂĂD

  3.2.3.  Changing Access Control Attributes

  ANZX䑮̂قƂǂ chmod(2)  chmod(1) ŐݒłD
  C chown(1), chgrp(1), chattr(1) QƂ邱ƁD

  Linux ł́Ct@C̏L҂ύXł̂ root ł_ɒ
  ӂ邱ƁDꕔ UNIX I OS ɂ͈ʃ[ULύXł̂
  邪C͈ʓ|ɂȂDႦ΃fBXN̎gpʂ𐧌悤Ƃ
  ꍇCʃ[UɏL̕ύXĂƁC傫ȃt@C͒N
  ́uQҁv̂̂̂悤ɂłĂ܂D

  3.2.4.  Using Access Control Attributes

  Linux тقƂǂ UNIX I OS ł́Cl̓ǂݏ̓t@CI
  [vƂɂ`FbNȂD܂Cxt@CI[v
  ͓ǂݏ邽т̍ă`FbN͍sȂD̑lĂ
  VXeR[͔ɂ񂠂DȂȂCt@CVXe
  Linux ̒SɂƂĂ߂ɂ邩łD̂悤ȃVXeR[
  ɂ open(2), creat(2), link(2), unlink(2), rename(2), mknod(2),
  symlink(2), socket(2) D

  3.2.5.  Filesystem Hierarchy

  N̓`ɂuǂ̃t@CǂɒuvƂ񑩂ƂłĂ
  Dt@CKwɔzuƂɂ́Č܂ɏ]ƁD
  ܂ɂ hier(5) ɂ܂Ƃ߂ĂDɏڂ Filesystem
  Hierarchy Standard (FHS) ƂēłD̋ḰCȑOɑ݂
  Linux Filesystem Structure standard (FSSTND) ߂̂łDڂ
    <http://www.pathname.com/fhs> QƂ邱ƁD

  3.3.  System V IPC

  Linux  System V IPC IuWFNgCȂ킿CSystem V ̃bZ[W
  L[CZ}tHZbgCLZOgɑΉĂD̃I
  uWFNg͂ꂼȉ̑Ă:

  o  쐬ҁC쐬҂̃O[vC̑̃[Uɑ΂ǂݏ̃p[~b
     VD

  o  쐬҂ UID  GID - IuWFNg̍쐬҂ UID  GIDD

  o  L҂ UID  GID - IuWFNg̏L҂ UID  GID (Ԃ
     ͍쐬҂ UID, GID Ɠ)D

  ̂悤ȃIuWFNgɃANZXۂɓKpK͈ȉ̒ʂł:

  o  vZX root Ă΃ANZX͋D

  o  CvZX EUID IuWFNg̏L҂쐬҂ UID Ȃ΁C
     Y쐬҂̃p[~bVrbg`FbNCANZX
     邩ǂmFD

  o  vZX EGID IuWFNg̏L҂쐬҂ GID ł邩C
     ̓vZX̃O[v̂ǂꂩIuWFNg̏L҂쐬҂ GID
     Ȃ΁CY쐬҂̃O[vp[~bVrbgANZXɍ
     ă`FbND

  o  L̂łȂꍇ́CYȗ̃[Uṽp[~b
     VrbgANZXɍۂă`FbND

  root svZX܂͏L҂쐬҂ EUID vZX́C
  L UID ƏL GID ݒ肵CIuWFNg폜łDڂ
   ipc(5) ɂD

  3.4.  Sockets and Network Connections

  \Pbg͒ʐMCɃlbg[NʐMŗpD socket(2) ͒ʐMp
  ̒[_(endpoint)쐬CfXNv^ԂDڂ socket(2) C
  ̑̊֘AQƂ邱ƁD Linux ł́CTCP  UDP  1024 Ԗ
  ̃[J|[gɊ蓖Ăɂ root Kvȓ_ɒӂ邱
  (1024 Ԗ̃[g|[gɊ蓖Ăꍇɂ͓ʂȌ͕Kv
  )D

  3.5.  Quotas and Resource Limits

  Linux ɂ̓t@CVXe quota ƃvZX̃\[Xs
  ̋@\Dł͗pɒӂ邱ƁDƂ̂Cquota ƃ\[X
  ɂ́un[hȁvƁu\tgȁv邪C̗p͏
  ႤӖłD

  Lu(t@CVXe) quota e}Eg|CgƂɒ`
  łD`́Cw肳ꂽ[UO[vgpłLũub
  NCj[Nȃt@C(inode ̐)ɂčsDun[hv
  quota ͌Ē邱ƂłȂł邪Cu\tgv quota
  ͈ꎞIɒ߂邱ƂDڂ quota(1), quotactl(2),
  quotaon(8) QƂ邱ƁD

  rlimit @\́CvZXɑ΂ɑ̎ނ quota ɑΉĂ
  DႦ΃t@CTCYCqvZX̐CI[vłt@C̐
  ǂłDɂ́u\tgȁv(݂̐(current limit)ƂĂ΂
  )Ɓun[hvȐ((upper limit)ƂĂ΂)D\tgȐ
  𒴂邱Ƃ͂ǂȏꍇȂC\tgȐl̓VXeR[
  găn[hȏl܂ŏグ邱ƂłDڂ getrlimit(),
  setrlimit(), getrusage() QƂ邱ƁD

  3.6.  Audit

  ݂ƂʓIȁučv@\ syslogd(8) łD wtmp(5),
  utmp(5), lastlog(8), acct(2) Ɨǂ낤DT[ovO
  Ă(Ⴆ WWW T[o Apache )́CƎ̊č@\Ă
  D

  3.7.  PAM

  F؂sہCقƂǂ Linux VXeł PAM (Pluggable
  Authentication Modules, ւ\ȔF؃W[) p
  DPAM pƔF؂̐ݒsƂł(Ⴆ΃pX[h̎g
  pCX}[gJ[h̎gpȂ)D PAM ɂẮC̘_̌̕ŏڂ
  D

  4.  Validate All Input

  ͂ɂĂ͐MłȂ[Us邱ƂCꍇ
  ɂ͓͂gpOɌ(tB^O)KvD
  ߂ĂC̒`ɍȂ̂͑SĔrׂłD̋t(
  Ȃ߂ĂCɓĂ͂܂̂r)sĂ
  ȂȂDȂȂCdvȃP[XY邩ȂłD
  ̍ő̒(KvȂŏ̒)𐧌ĂC̒𒴂
  ƂɂȂ悤ɂ邱(̖ɂĂ̏ڂ́C
  uobt@I[o[t[v̐߂QƂ邱)D

  ̏ꍇ́Cp^[(ႦΐK\Ƃ)߂Ă
  CɓĂ͂܂Ȃ̂SĔr邱ƁD񂪐䕶(
  s NIL )VF̃^܂ނƂɂ͓ʂȖ肪N
  DāĈ悤ȃ^͓͂ꂽ_łɁuGXP[
  vvCԈđĂ܂Ȃ悤ɂƂ悢낤D CERT ͂
  ɐi߂āCGXP[vKvȂ̃XgɊ܂܂ĂȂS
  Ă̕GXP[v邱Ƃ𐄏Ă[CERT 1998, CMU 1998]Dڂ
  ́uĂяo̍ۂɐlgv̐߂QƂ邱ƁD

  SĂ̐lɂāCŏl(0 ̂Ƃ)ƍől߂D
  t@C̓`FbNׂDʂ́u..v(ʃfBNg)͐l
  Ƃ͔F߂ȂƂ悢낤Dt@Cł́CfBNg̕ύX͑Sċ֎~
  Ƃ悢낤DႦ΁Cu/v𐳂̏WɊ܂߂ȂȂǂ̕@
  Ddq[AhXSɃ`FbN悤ƂƔɖʓ|ł
  DȂȂCSẴAhXɑΉ悤ƂĂC؂ɖʓ|Ȍ
  `̃AhX݂邩łD̂悤ȃ`FbNKvł
  ΁C mailaddr(7)  IETF RFC 822 [RFC 822] ɏڂ񂪂D

  ͕̌ʁCꃖŏWčsׂłDȂȂCŐ
  ̌̂̐m̊mFsƂeՂɂȂ邩łD

  ̌؂R[hōꍇ́Cꂪۂɐ삷
  Ƃm߂邱ƁD̂Ƃ́Cʂ̃vOg(t@C
  dq[AhXCURL )`FbNꍇɂ͓ɏdvłD
  悤ȃeXgɂ͋CÂɂԈႢ邱ƂCu㗝l
  v(`FbNp̃vȎO񂪁CۂɃf[^gvȎO
  ƈقȂ)NƂD

  ȉ̐߂ł́CvO֗^lXȎނ̓͂ɂĐD
  ͂ɂ͊ϐ umask lȂǁCvZXĂԂ܂ޓ_ɒ
  ӂ邱ƁDKSĂ̓͂MłȂ[Us킯ł͂Ȃ
  ŁCӂKv̂͐MłȂ[U̓͂ł悢D

  4.1.  Command Line

  ̃vO̓R}hC͂̃C^tF[XƂėpC
  ƂēnƂɂ͂󂯎D setuid/setgid ꂽvO
  MłȂ[UR}hC͂󂯎邱Ƃ̂ŁC
  gŖh䂵Ȃ΂ȂȂD܂C[U̓R}hCȂ莩R
  ɈƂł(execve(3) ̃VXeR[p)D
  āCsetuid/setgid vO̓R}hC͂؂Ȃ
  ȂȂCR}hC 0 vOMpĂ͂Ȃ
  ([U̓vO NULL ܂߂RȒlݒł)D

  4.2.  Environment Variables

  ftHgł͊ϐ͐evZXpDCvO
  ̃vOsۂɂ́CϐCӂ̒lɐݒ肷邱
  łD setuid/setgid vOɂƂĊ댯łD
  ȂĈ悤ȃvOĂяõvO͊ϐ𐧌䂵
  đt邱Ƃł邩łDϐ͕ʂ͈p̂ŁC
  ̊댯pĂD

  ϐ́CtB[hɕ̒lĂ`ŕۑ(Ⴆ
  SHELL ϐ 2 Ă)Dʂ̃R}hVFł͂̂悤Ȑݒ͋֎~
  Ă邪CNbJ[͂̂悤ȏ󋵂邱ƂłD܂v
  O 1 ̒l`FbNȂCۂɂ͕ʂ̒lg邱Ƃ
  DɈƂɁC̃CuvO͊ϐŐ䂳
  Ă邪C@܂CɂC
  ĂȂƂDႦ΁Csh  bash  IFS ϐgăR
  }hC؂镶߂DVF͂̒჌xVXe
  R[gČĂяôŁC IFS ɕʂłȂlݒ肷邱Ƃ
  CSɌVXeR[j󂷂邱ƂłD

  setuid/setgid ꂽvOSɂɂ́C܂(݂Ȃ)
  ͂ƂĕKvȊϐ̒ZXg𒍈Ӑ[oDɁCϐ
  environ  NULL ݒ肷邱ƂɂϐSĂČɕKv
  Ȋϐ̏WɈSȒlĐݒ肷 ([Uw肵l͊܂
  Ȃ)D̂悤ȒlƂĂ PATH(vOTΏۂ̃fBNg
  XgDJgfBNg܂߂Ă͂ȂȂ), IFS(ftHg ``
  \t\n'' ݒ肷邱), TZ(^C][)D

  4.3.  File Descriptors

  vOɂ́uI[vt@CfXNv^v̏WnD
  ͗\߃I[vĂt@CłD setuid/setgid ꂽvO
  ́CI[vt@C[U (p[~bV̐)I
  ƂɑΏłȂ΂ȂȂD setuid/setgid ꂽvO
  ́CVt@CI[vƂɏɌ܂t@CfXNv
  ^ ID ŃI[vƉ肵Ă͂ȂȂDẂCWóCWG
  [o͂[ł邱ƂC邢̓I[vĂ邱Ƃ牼肵
  ͂ȂȂD

  4.4.  File Contents

  vOw肳ꂽt@Cw󂯂ꍇ́CMĂ
  [Ut@C̓e𐧌łȂꍇC̃t@Cʂ
  MĂ͂ȂȂD܂CMłȂ[U͂̃t@CfBN
  gCăt@C̑SĂ̐efBNgҏWłĂ͂ȂȂD
  łȂꍇɂ́C̃t@C͐MłȂ̂ƂĈȂ΂Ȃ
  D

  4.5.  CGI Inputs

  CGI ̓͂́CIɂ͐ݒ肳ꂽϐ̏WƕW͂łD
  ̒l͌؂Ȃ΂ȂȂD

  ̑̓_ƂẮCCGI ւ̓͂̑uURL GR[
  hvC܂ꕔ̒l %HH ̌`ŏĂ`ŗ^_
  D HH ͂̃oCgl\ 16 iR[hłD CGI Cu
  ́C͂ URL fR[hāCɃfR[hɂēꂽoCgl
  K؂ǂ`FbN邱ƂɂC͂𐳂Ȃ΂Ȃ
  D %00 (NIL)  %0A (s) ̂悤ɖ肪l܂߁CSĂ̒l
  Ȃ΂ȂȂD͂𕡐fR[hĂ͂ȂȂDł
  ƁCu%2500v̂悤Ȓl̏Ă܂(܂ %25 u%vɕϊ
  Čʓꂽu%00vԈēWJ NIL ɂȂĂ
  )D
  CGI XNvg͓͂ɓꕶ܂߂U悭󂯂DɂĂ
  L̃RgQƂ邱ƁD

  ꕔ HTML form ́CsȒlx菜߂ɃNCAg
  ̃`FbNsD̃`FbN⃆[U̎菕ɂ͂Ȃ邪CZLeB
  ̖ɂ͗ȂDȂȂCU҂͂usȁvl𒼐ڃEFu
  T[oɑ邱Ƃł邩łD (uMłoHMȂv
  ̐߂)q悤ɁCT[ȏ͎SĂ̓͂ɂăeXgs
  Ȃ΂ȂȂD

  4.6.  Other Inputs

  vO͕KSĂ̓͂𐧌łĂȂ΂ȂȂD
  setuid/setgid ꂽvOł͓ɓDȂȂĈ悤ȓ
  ɂ񂠂邩łDvOlȂ΂ȂȂ
  ͂ƂẮCJgfBNgCVOiC}b
  v(mmap)CSystem V IPC, umask (Vt@C̃ftHg
  p[~bV߂)DvŐNɁCK؂S
  w肳ꂽfBNg(chdir(2) p)IɈړ邱Ƃl
  邱ƁD

  4.7.  Limit Valid Input Time and Load Level

  ^CAEgƕ׃x͍̐sƁDɃlbg[N̓̓f
  [^ɑ΂Ă͂̐sƁDȂƁCU҂̓T[rX̗v
  葱邱ƂɂCȒPɃT[rXWQUsĂ܂D

  5.  Avoid Buffer Overflow

  ɈʓIȃZLeBIׂɁuobt@I[o[t[vDZ
  pIɂ́Cobt@I[o[t[̓vO̓I̖肾C
  obt@I[o[t[͈ʓIdȖȂ̂ŁC̖̐ɏ
  ЂƂƂɂD̖肪ǂꂾdvƂƁCCERT ɂ
   1998 N 9, 13 C 1999 N̊̏ȂƂob
  t@I[o[t[Ɋ֌WĂD Bugtraq ɂ̒ɂ
  ƁCZLeB̎_̈ԑ̓obt@I[o[t[łƉ
  ҂̖ 2/3 Ă(c̉񓚎҂́uݒ~XvłƂĂ)
  [Cowan 1999]D

  obt@I[ot[N̂́Cl̏W(ʂ͕)Œ蒷̃ob
  t@ɏލۂɃobt@̏I[𒴂ďݑƂłDob
  t@I[o[t[̓[U̓͂obt@ɓǂݍގɋN\
  邪C̎ނ̏vOōsĂŒɂN\
  D

  SłׂvOŃobt@I[o[t[ƁCʂ͍U
  płĂ܂Dobt@ C ̃[JϐȂ΁CI[o[t
  [𗘗pčU҂̍DȃR[hs֐Ă΂邱Ƃł
  (ڂ [Aleph1 1996] QƂ邱)Dobt@q[vɂ΂
  ܂ł邪CU҂͂𗘗păvO̕ϐ𐧌䂷邱
  łD

  vO~OɂẮC{Iɂ̖̉e󂯂ȂD̗
  RƂẮCꂪIɔz̃TCYςꍇ(: Perl)Cʂ
  obt@I[o[t[oĖhꍇ(: Ada95)DCC
  ̓obt@I[o[t[hiSȂCC++ ̖N
  悤ȎgȒPɂłĂ܂D

  5.1.  Dangers in C/C++

  C gꍇ́CE΂ɒȂƂmȏꍇCE
  `FbNȂ댯Ȋ֐̎gpׂłD̏ꍇɔ
  ֐ƂẮC strcpy(3), strcat(3), sprintf(3), gets(3) D
  ̊֐͂ꂼ strncpy(3), strncat(3), snprintf(3), fgets(3)
  Œuׂł邪Cڂ͌ŐD֐ strlen(3) ́C
  ̏I[ NIL 邱ƂmłȂ͗pׂ
  łD̑(gɂĂ)obt@I[o[t[
  Ȃ֐ƂẮCfscanf(3), scanf(3), vsprintf(3), realpath(3),
  getopt(3), getpass(3), streadd(3), strecpy(3), strtrns(3) D

  5.2.  Library Solutions (C/C++)

  C/C++ ɂ@̈́Cobt@I[o[t[̖Ȃ
  Cu֐gƂłD

  C Ńobt@I[o[t[NȂ߂́uWIvȉ@́C
  ̂悤Ȗ󂯂Ȃ C Cu̕W֐gƂłD̃A
  v[`ł́CWCu֐ strncpy(3)  strncat(3) ɐ[
  ƂɂȂD̃Av[`gꍇ͒ӂ邱: ̊֐̃Z}
  eBNX͏ςĂāCgƂD֐ strncpy(3)
  ́CRs[̒̕Rs[̒ȏ̏ꍇCRs[̕
   NIL ŏI[ȂDāCstrncpy(3) ĂяóCRs[
  ̍̕Ō̕ɕK NIL ݒ肷邱ƁD strncpy(3) 
  strncat(3) ̂łCp\ȗeʂ̎cnĂȂ΂Ȃ
  ȂČvZ͊ԈႢ₷(āČvZԈႤƃobt@I[
  o[t[UƂɂȂ)Dǂ̊֐Cobt@I[o[t
  [Nǂ𒲂ׂȒPȎdg݂ĂȂDŌ
  ɁCstrncpy(3) ͒ȗΏۂł strcpy(3) \Iɂ͕s
  D̗ŔCstrncpy(3) ̓Rs[̎c̗̈ 0 Ŗ߂邩
  D

  ʂ̕@Ƃ( OpenBSD Ă@ł)C Miller 
  de Raadt J strlcpy(3)  strlcat(3) [Miller 1999]D
  ͍ŏAv[`łCC̃Rs[ƘAW̊֐Qƈق
  (ĊԈႢNɂ)C^tF[X C ɒ񋟂D
  ̊֐̃\[XR[hƕ́C
  <ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcpy.3> 
  BSD `̃CZXɊÂēłD

  ɕʂ̕@ƂẮCŒ蒷̃obt@pCSĂ̕𓮓I
  蓖Ē@D̔ėpIȕ@́CGNU vO~OKCh
  CĂD C ŕ̓IȍĊ蓖ĂIɍs
  ߂̃c[Zbg̈ƂāCForrest J. Cavalier III ɂulibmib
  allocated string functionsvD
  <http://www.mibsoftware.com/libmib/astring> łD̃\[X
  R[h̓I[v\[XłD̓I[v\[Xł͂ȂCRɓ
  łD

  ɗȂCu͑ɂDႦ΁Cglib Cu
  I[v\[X̃vbgtH[ōLp\ł(GTK+ c[Lbg
   glib pĂ邪Cglib  GTK+ Ƃ͕ʂɗp\ł)D
  glib ͂āCglib ̃Cu֐obt@I[o[t[N
  ȂƂ𖾂炩ɂ邱Ƃ͂łȂC͐悤łD{
  _̌̔łł́Cǂ glib ֐g΃obt@I[o[t[̖
  邩m߂ƍlĂD

  5.3.  Compilation Solutions (C/C++)

  Sʂ̃Av[`ƂāCE`FbNsRpC@p邱
  ł(@̈ꗗɂĂ [Sitaker 1999] Q)DM҂̈ӌł́C
  c[͖hdɂꍇɂ͔ɖ𗧂C̋Zp
  PƂ̖hiƂėp̂͌Ƃ͌ȂD̗R͏ȂƂ 2
  D܂ŏ̗ŔCc[̂قƂǂ͈ꕔ̃obt@I
  [o[t[hȂ(uSvɖhƂƁCʂɑx 12-30
  {xȂ)D͒PɁCC  C++ ̓obt@I[o[t[h悤
  ͐݌vĂȂłD̗RƂẮCI[v\[X̃vO
  ł́CvÕRpCۂɎgc[͂肵
  DāCVXẽftHǵuʁṽRpCg
  ƂɃZLeBׂ̌邱ƂɂȂD
  ֗ȃc[̂ЂƂɁuStackGuardvD̃c[́uhv
  ߂̒l(ucanary(JiA)vƌĂ΂)𕜋AAhX̑Oɑ}D
  obt@I[o[t[ɂĕAAhXƁC
  canary l()ωCVXe͂̃AhXgOɃobt@I[
  o[t[ołD̃c[͔ɏdvC̒l
  悤ȃobt@I[o[t[͖hȂ_ɒӂ邱ƁD StackGuard 
  gđ̃f[^vfɂ canary lǉłc[D
  uPointGuardvƌĂ΂ĂD PointGuard ͓̒l(ႦΊ֐ւ̃|
  C^ longjump obt@)Iɕی삷DCPointGuard 
  gđ̌^̕ϐ邽߂ɂ́CvO}̒ƂsKv
  (vO}́Ccanary lgĎׂf[^w肵Ȃ΂
  Ȃ)D̃c[͏dvCی͂ȂƍlĂ͕ی삪
  Kvȃf[^̕یԈďȗĂ܂₷D StackGuard,
  PointGuard ₱̑ƂȂc[Ɋւڂ
  ́CCowan [1999] QƂ邱ƁD

  ֘AƂāCLinux J[lCăX^bNZOgs\
  Ȃ邱ƂłD̂悤ȃpb`͎ۂɑ݂( Solar Designer
  ̃pb`ɂ̋@\܂܂ĂDpb`
  <http://www.openwall.com/linux/> ł)DC̘_
  Ă鎞_ł́C̃pb` Linux J[lɂ͎荞܂ĂȂD
  ̍̂ЂƂ́C̃pb`͌߂قǖhʂȂƂłD
  ܂CU҂͒PɊɃvOɓĂ鑼́uʔvꏊ(Ⴆ
  ΁CCuCq[vCÓIf[^ZOg)VXeɌĂ΂
  邱Ƃł̂łD܂CLinux ̓X^bNɎs\ȃR[hK
  vƂ邱ƂDႦ΁CVOi̎CGCC ́ug|v
  鎞łD [: ug|vƂ́CqɂȂ֐ɓ
  邽߂ɎsɐR[ĥƂł] Solar Designer ̃pb`
  ̃P[XɂΏł邪Ĉ߂Ƀpb`GɂȂĂD
  lIɂ͂̃pb`{Ƃ Linux zzɑgݍ܂邱Ƃ]Ă
  DȂȂC̃pb`ɂU炩ɂȂ邵C͈͂̊
  ̍UhƂł邩łDC̃pb`͌߂قǖh
  ȂƂƁCrIeՂɏo_ɂĂ͕M҂ Linus
  Torvalds ƓӌłD̋@\܂߂ȂƂɊւ Linus
  Torvalds ̐ <http://lwn.net/980806/a/linus-noexec.html> œǂނ
  ƂłD

  v񂷂ƁC܂̓obt@I[o[t[ɂU󂯂Ȃv
  OJ悢ƂƂłDāCs
  ŁCStackGuard ̋Zpc[ǉ̈SlbgƂĎgƂ悢DR
  [hgobt@I[o[t[𖳂悤ɓw͂΁C
  StackGuard ɌʓIɎg邾낤DȂȂCĥ߂
  StackGuard ĂяoƂƂȂuŽԁvȂȂ邩łD

  5.4.  Using Other Languages

  obt@I[o[t[̖́Cobt@I[o[t[ɑ΂ĈS
  Perl, Python, Ada95 Ƃ̌łƂȂDC
  gƂđSĂ̖肪ȂȂ킯ł͂ȂDɁuĂ
  o̍ۂɐlgvŏqׂĂ NIL Ɋւ
  QƂ邱ƁD܂Č̃Ct(ႦΎsCu)p
  \Sł邱Ƃۏ؂邱Ƃ̖DłCob
  t@I[o[t[NȂSȃvOJۂɂ́Č
  ̎gpmɌׂłD

  6.  Structure Program Internals and Approach

  6.1.  Secure the Interface

  C^tF[X͂ł邾(łP)C(Kvȋ@\
  񋟂)CIłȂ悤ɂׂłDM͂ł邾Ȃ
  ɂׂłDAvP[Vf[^̃r[A͊Oōꂽ
  t@C̕\Ɏg邱Ƃ̂ŁCSȁuv邾̑
  ̍Ƃ肪Ȃ̂ł΁Cʂ̓vO(s}N
  ܂)̎sĂ͂ȂȂD

  6.2.  Minimize Permissions

  ɏqׂ悤ɁCvOɎ͍̂ƂɕKvŏ̌
  ׂłƂdvȈʌDĂ΁CvO
  ĂQ͗}DƂɒ[ȗ́CSɂȂ΂ȂȂ
  ȃvOPɏȂƂłDōςނ̂ł΁CЂ
  ׂłD

  Linux ł́CvZX̃p[~bV߂vȗvf́CvZX
  Ă ID ł: evZX̓[UƃO[v̗ɂĎ ID,
   ID, t@CVXe ID, ۑ ID ĂD̒l܂
  邱Ƃ́Cp[~bVŏɕۂŔɏdvłD

  p[~bV́Cȉŏqׂ镡̊ϓ_ŏׂł:

  o  ^ō̃p[~bVł邾邱ƁDvO
     ́Croot ͉\ȂΗ^ȂDt@CɃANZXKv
     邾Ȃ΁CvO setuid root Ă͂ȂȂD̏ꍇ
     p̃O[vC̃t@C̃O[vɓCăv
     ÕO[v setgid 邱ƂlׂłD̂
     ɁCvO setuid łȂ setgid 悤Ɏ݂邱ƁDȂ
     ȂCO[vɏ錠ł(ɁCO
     [vɏł̓t@C̃p[~bVύX錠͓
     Ȃ)DCt@CɃANZX邽߂ɃvÕ[Up[
     ~bVɐ؂ւĂꍇ(Ⴆ NFS T[o)́CLinux
     ŗL̒lłut@CVXe UIDv(FSUID)̐ݒl邱
     ƁDȂȂC FSUID g΁CԂNɁC[U
     vZXɃVOi𑗂点ȂŃt@CANZX𐧌ł邩
     łD

     vO root ^Ȃ΂ȂȂꍇ́CLinux 2.2 ȍ~
     ŗp\ POSIX ̃P[preB@\gCvON
     Ɍł邾邱Ƃl邱ƁD
     cap_set_proc(3)  Linux ŗL capsetp(3) ֐Nɗp
     ƂɂāCȍ~̓vǑ{ɕKvȌɌ
     炷ƂłDKSĂ UNIX I OS ɂ POSIX P[pr
     eBĂȂ_ɒӂ邱ƁD Linux ɂ POSIX P[
     preB̎ɊւڂɂẮC
     <http://linux.kernel.org/pub/linux/libs/security/linux-privs> Q
     Ƃ邱ƁD

  o  p[~bVLȎԂł邾Z邱ƁDK
     Csetuid(2), seteuid(2) ₱̊֌W̊֐pāCvÕp
     [~bVKvȎɗLƂȂ悤ɂ邱ƁD

  o  p[~bVLɂȂ蓾鎞Ԃł邾Z邱ƁDł
     葁Cp[~bVSɕ邱ƁD Linux ́uۑvID
     Ă̂ŁCłȒPȃAv[`͑̃[U ID xM
     łȂ ID ɐݒ肷邱ƂłD setuid/setgid ꂽvO
     ́CȂR̂łȂΕʂ͎ GID Ǝ UID Ɏ
     ۂ ID w肷邱ƁD fork(2) ̒͂邱ƁD root
     ̂Ăđ̃[ǓɐؑւƂ͂܂ GID ύXȂ
     ΂ȂȂ_ɒӂ邱ƁDȂΓ삵Ȃ!

  o  p[~bVKv郂W[̐ł邾Ȃ
     ƁDp[~bVĂ郂W[̐Ȃ΁C̃
     W[Sǂ𒲂ׂ邱ƂƗeՂɂȂD
     @̈́CO̍ڂɏ]ƂłD܂C̃W
     [gɂ̂Ă΁CŌĂяoꂽ̃W[
     ̌𗔗p邱Ƃ͕s\łDʂ̕@ƂẮCR}
     h𕪂D܂C[U(root )̂߂ɐFX
     Ȏނ̍ƂsPƂ̃R}hƁCsetuid Ă邯Ǐ
     CPłꂽꕔ̃R}h(͂΍
     R}hŏ̃vOɓn)c[pӂ̂łD
     GUI x[X̃VXeł͓ɗLłD܂CGUI ͈ʃ[
     Uœ삳CGUI ̃NGXgꌠʂ̃W
     [ɓn̂łD

  o  p\ȃ\[Xł邾ȂDt@CfBNg
     p[~bV́CvOgď̂̃[U
     ɂȂ悤ɐݒ肷ׂłD̓Q[̃nCXRAȂǂł
     g@łD܂CQ[͕ʂ games O[v
     setgid ɂĂāCXRAt@C̓O[v games LĂ
     CQ[̃vO͒Nʂ̃[U(root Ȃ)LĂD
     Ă΁CQ[̃VXejƐl̓nCXRAύXł
     CQ[̎st@Cݒt@CύX邱Ƃ͂łȂD

     قȂ@\ɂ͈قȂ郆[UO[vpӂ邱Ƃ邱ƁD
     ΁CVXejĂĈ܂ܑđ̃VXeɔ
     Q^邱Ƃ͂łȂD

     chroot(2) R}hg΁CvOꂽ̃t@C
     płȂ悤ɂłDsɂ̓fBNg𒍈Ӑ[ݒ肷
     Kv(uchroot ̘S(chroot jail)v)D root 
     vO͂łVXejs邪 (mknod(2) ̃VX
     eR[ŃVXeύX)CȊȌꍇ͂̂悤
     uSvgƂŃvÕZLeB啝ɌシD

  OS ɂẮCЂƂ̃vZXɐMsw𕡐Ă
  ̂DႦ΁CMultics ̃O@\ȂǂłDW UNIX 
  Linux ́CPƂ̃vZXŊ֐gĂ̂悤ɐM̃x
  ɕ@ĂȂDJ[lɑ΂VXeR[Ńp[
  ~bVコ邱Ƃ͂ł邪C̃vZX͈̐Mx
  ĂȂD Linux ⑼ UNIX I OS ł́CЂƂ̃vZX𕡐
  ̃vZX fork 邱ƂĂ̋@\^IɎł邱Ƃ
  Dsɂ͈SȒʐMoHݒ肵(ʂ͖OȂpCvg
  )Cꂩ畡̃vZXւ fork sCĂł葽̃p
  [~bV̂ĂDꂩCPȃvgRpĐMx̍v
  ZXMx̒ႢvZXɓvł悤ɂCMx̍
  vZX͌ꂽvɂΉȂƂmɍsD

   Java 2  Fluke ̂悤ȋZpDʐĂ镪̂ЂƂ
  D Java 2 ł́Cׂꂽp[~bVwł(: 
  ̃t@CI[vłp[~bV)DCʂ͔ėp
  OS ͂̂悤ȋ@\͎ĂȂD

  Linux ̊evZX Linux ŗL̏Ԓl 2 ĂD܂Ct@
  CVXe[U ID (FSUID) ƃt@CVXeO[v ID(FSGID) 
  D̒l̓t@CVXẽp[~bV`FbNƂ
  gD root vÓCID ʃ[Û̐؂ւ
  ăt@CVXeANZX̂ł͂ȂCP FSUID  FSGID ς
  邾Ƃ@ׂłD̗ŔCvZX̎s UID 
  ݒ肷ƁC UID ɑΉ郆[U͂̃vZXɃVOi𑗂
  CFSUID ύXȂ΃VOi𑗂ȂłD̕@
  _́C̃VXeR[͑ POSIX VXeɂ͈ڐAłȂ_ł
  D

  6.3.  Use Safe Defaults

  CXg[́C[Uɐݒ̋@^܂ł́CvO͑SĂ
  ANZXۂׂłDCXg[ꂽt@CfBNg
  E珑߂ԂłĂ͂ȂȂD܂ۂɂ́CM郆[
  UȊOɂ͓ǂ߂ȂĂƂ悢낤DݒLqƂ낪΁C
  ftHg̐ݒ̓[UʂɋĂȂ΃ANZXۂ
  ɂĂׂłD

  6.4.  Fail Open

  SȃvO͏ɁutF[I[vvłׂłD܂Cv
  OsƁCvO͑SẴANZXۂ悤ɐ
  vĂׂł(utF[Z[tvƂĂ΂)D炩̂
  ȓ(sȓ́CuȂ͂̂ȂԂɁvȂ邱Ɠ)悤
  ΁CvO͑ɃT[rX~ׂłDu[Ű߂Ă
  邱Ƃ𒲂ׁv悤Ƃ͂CɃT[rX֎~邱ƁD̂悤Ȃ
  ([U猩ꍇ)M֗𑹂˂邱Ƃ邪CZL
  eB͌シD

  6.5.  Avoid Race Conditions

  SɂׂvOŁC󂯎NGXgF߂ׂǂ
  ߂Ȃ΂Ȃ炸CF߂ׂł΃NGXgsȂ΂Ȃ
  ȂDvONGXgsÖӎvɂ́CMłȂ
  [U炩̉eyڂiĂ͂ȂȂD

  ̖̓t@CVXeł͌JԂNDvOł͈ʓIɁC
  NGXgF߂邩ǂ߂邽߂ access(2) pČ
  open(2) ĝׂ͔łDȂȂC2 ̃VXeR[
  ΂鍇ԂɃ[Ut@Cړ邱Ƃł邩łDS
  vOł́C̕@ł͂ȂC ID t@CVXe ID ݒ
  Cꂩ璼 open VXeR[ĂяoׂłD access(2)
  SɎgƂ\ł͂邪C̓[Ut@Cуt@C
  VXẽ[g̃pXɂǂ̃fBNgɂeyڂȂ
  łD

  6.6.  Trust Only Trustworthy Channels

  ʓIɂ́CMłȂʐMoH瓾ʂMĂ͂ȂȂD

  قƂǂ̃Rs[^lbg[N(ʂ̃C^[lbg̏ꍇ
  )F؂ĂȂMf[^͂܂MɒlȂDႦ΃C^[
  lbgł̓wb_l܂߂ĔCӂ̃pPbgUł̂ŁCpPbg
  F؂sꍇāC̒lZLeBIȔf߂
  ȊɂĂ͂ȂȂDꍇɂẮCulbg[Nv痈
  Ǝ咣ĂpPbgۂɂłƒfł邱Ƃ邪([
  J̃t@CAEH[ÔȂ肷܂hꍇȂ)Ct@C
  EH[jꂽCʂ̌oHCgы@܂ꂽꍇ
  ͂̂悤ȉ^킵ȂĂ܂Dl̘bŁCʂ̃|[g
  (1024 )MpłƉ肵Ă͂ȂȂDقƂǂ̃lbg[N
  ł͂̂悤ȃNGXg͋Uł邵Cʂ̃|[gԍg悤
  vbgtH[邱Ƃł邩łD

  Wł邪{IɈSłȂvgR(: ftp  rlogin)
  ƂĂꍇ́CSȃftHgݒpӂCOq̂悤ȉ
  ĂƁD

  hCl[VXe(DNS)̓Rs[^̖O IP(l)AhX
  т邽߂ɃC^[lbgōLgĂDuDNS tvƌĂ
  Zpg΁Cꕔ̒PȂȂ肷܂UhƂłCzXg
  O𒲂ׂƂɂ𗧂DC̋ZpMĔF؂̌Ɏg
  Ƃ͂łȂD̖͌ǁCDNS ̃NGXg͍ŏIIɂ͍U҂
  䂵Ă邩Ȃǂ̃[gVXeɑƂ_ł
  DāCDNS ̎Qƌʂ͂ƂĈۂɂ́C؂sKv
  邵CʂMpďdvȃANZXɗpĂ͂ȂȂD

  pX[h߂ꍇ́CMłoHł邾pӂ邱(Ⴆ
  ΁COC̑OɋUłȂL[CLED ̓_ł̂悤ȋU
  łȂp^[̕\sƂKvł)DpX[hƂ
  ́CpX[ḧÍڑ̐Mł[_ōsƁD

  ܂Cǂȓdq[(uFrom sṽAhX܂)łU邱Ƃ
  \łDdq̗ṕĈ悤ȍȖj~iƂ
  DƊȒPȖhíC_ɐȒldq[
  Ƃ肷邱ƂłDJ[OXg̓o^Ȃǂ̏dv̒
  Ƃł́Cʂ͂̒xŏ\łD

  MłȂlbg[NɐMłʐMoHpӂ邱ƂKv
  ΁C炩̎ނ̈ÍT[rX(Œ̂Ƃł́CÍIɈS
  nbV)KvłDڂ́uÍ̃ASYƃvgRv̐
  QƂ邱ƁD

  NCAg/T[of(CGI ܂)͂ǂȌ`̂̂łCT[o
  NCAg͂ǂȒlłύXł邱Ƃz肵ĂȂ΂ȂȂD
  Ⴆ΁CuBtB[hvNbL[̒lCCGI vO
  OɃNCAgŕύXłDNCAgUsCT[
  o`FbNł悤Ȍ`ŏȂĂ̂łȂ΁Ĉ悤
  lMp邱Ƃ͂łȂD

  ֐ getlogin(3)  ttyname(3) ́C[J̃[Uł
  Ԃ̂ŁCZLeB̖ړIł̏MpĂ͂ȂȂD

  6.7.  Use Internal Consistency-Checking Code

  vÓC֐ĂяöƊ{Ԃ̉肪Ƃۏ؂
  ߂̃`FbNsȂĂ͂ȂȂD C ł́Cassert(3) ̂悤
  }N`FbNɖ𗧂D

  6.8.  Self-limit Resources

  lbg[Nf[̏ꍇ́C镉ׂ͐؂̂Ă邩邱ƁD
  limit lݒ肵(setrlimit(2) gp)Cg郊\[X𐧌邱
  ƁDȂƂCucorevt@C̐ setrlimit(2) ŋNȂ悤
  ɐݒ肷邱ƁDvOُIƂ Linux  core
  t@Cɂ͒ʏ͑SẴvOۑ邪Ĉ悤ȃt@
  Cɂ̓pX[h₻̖̑肪f[^邩Ȃł
  D

  7.  Carefully Call Out to Other Resources

  7.1.  Limit Call-outs to Valid Values

  ̃vǑĂяóCSĂ̈҂Ălł
  ꍇɌċƁD͌ƂłDȂ
  Cȕ@Œ჌x֐ĂяoĂ邩ȂCu
  R}h񑶍݂邩łDႦ΁Cpopen(3) 
  system(3) Ȃǂ̃VXeR[̓R}hVFĂяo@Ŏ
  Ă̂ŁCVF̃^̉e󂯂Ă܂DlɁCexeclp(3) 
  execvp(3) ̓VFĂяoƂD̃KChC
  ́Cpopen(3), system(3), execlp(3), execvp(3) ̎gp͐΂ɔCC 
  vZX𗧂グ鎞ɂ͒ execve(3) gƂ߂Ă[Galvin
  1998b]D悤ɁCPerl VF̃obNNH[gL(`)R}hVF
  ĂяoD

  ̖ňԈȗ́CVF̃^łD Linux ̕W̃R}
  hVF͑̕ʈD̂悤ȕVFɑꂽ
  ꍇC̕GXP[vĂȂΓȏsD̓
  𗘗păvOj邱Ƃ\łD WWW Security FAQ [Stein
  1999, Q37] ɂƁĈ悤ȃ^͈ȉ̒ʂł:

  & ; ` ' \ " | * ? ~ < > ^ ( ) [ ] { } $ \n \r

  ̂̕ǂꂩYĂƔߎSȂƂɂȂ\DႦ
  ΁C̃vO̓obNXbV^Ƃďȗ[rfp
  1999]DuSĂ̓͂؂v̏͂Ő悤ɁC]܂Av[
  `́CȂƂ͂̕Ɍꂽ瑦ɃGXP[v邱
  łD

  Ɋ֘AƂāCNIL ( `0')e炷\
  D C/C++ ̂قƂǂ̊֐́CNIL ͕̏I\
  ̂ƂĂ邪Č(Perl  Ada95 )ł NIL ܂ޕ
  ƂłD̊֐VXeR[ C ̊Kɏ]Ă
  ŁC`FbN̂ۂɎĝƈقȂĂ܂ƂɂȂ[rfp
  1999]D

  ̃vOĂяoƂt@CQƂƂɂ́CK΃pX
  (/usr/bin/sort)w肷邱ƁDvOĂяoꍇɂ̂悤Ȏw
  sƁCPATH ϐݒ肳ĂȂĂuԈvR}h
  ĂԂƂȂȂD̃t@CQƂꍇɂCJnfBNg
  uԈႤv炷ƂłD

  7.2.  Check All System Call Returns

  G[ԂԂVXeR[Ăяoꍇɂ͕KCG[Ԃ
  `FbNȂ΂ȂȂD̗R̂ЂƂ́CقƂǑSẴVXe
  R[̓VXẽ\[X𐧌Kv邪C[U͂낢ȕ
  @Ń\[Xɉe^邱ƂłD setuid/setgid ꂽvO
  ɂ́Csetrlimit(3)  nice(2) ƂVXeR[gĐ
  ݒ肷Ƃ悢DT[ovO CGI XNvgOg[U
  ́Cʂ̃NGXg𓯎ɑ邾ŃVXẽ\[XHׂ
  ł邩ȂDG[𖳓ɏłȂ̂ł΁Cɐ
  tF[I[vȑΉsƁD

  8.  Send Information Back Judiciously

  8.1.  Minimize Feedback

  MłȂ[Uɂ͏^Ă͂ȂȂDPɐ܂͎s
  ԂCs̏ꍇPɎsƎsRɊւŏ̏
  Ԃɂ邱ƁDڂ͊č邽߂̃OƂĕۑDȉ
  ɗ:

  o  vO炩̃[UF؂KvƂꍇ(lbg[NT[rX
     ⃍OCvOĂꍇ)CF؂̑OɃ[Uɗ^
     ͂ł菭Ȃ邱ƁDɁCF؂̑OɃvÕo[W
     ԍ邱Ƃ͔Ȃ΂ȂȂDvÕo[W
     Ă܂Cꂪ_Ăo[Wł邱Ƃ
     炩ɂȂꍇC̃o[WAbvO[hĂȂ[U
     ͎_Ă邱ƂU҂ɐ`Ă悤Ȃ̂łD

  o  pX[h󂯕tvȌꍇCpX[hGR[obN
     Ă͂ȂȂDpX[hGR[obNƁCpX[h`锲
     Ă܂ƂɂȂD

  8.2.  Handle Full or Unresponsive Output

  [ÚCSɂׂvO[UɏԂo͌oHl܂点
  CȂ邱ƂłDႦ΁C̈ӂɃEFuuEU~
  CTCP/IP oH̔xłDSɂׂvÓC
  ꍇɂΏłȂ΂ȂȂDɁCT[rXWQU̗]n
  ^Ȃ߂ɁC(łΉԂO) fbNԂ甲o
  ׂłDlbg[N̏oNGXgɂ́CK^CA
  Egݒ肷ׂłD

  9.  Special Topics

  9.1.  Locking

  svOɑ΂ĔrIɕۏ؂Ȃ΂ȂȂ󋵂
  悭ND POSIX VXe̊Kł́C̓bNԂt@C
  邱ƂɂčsDȂȂC̕@͑̃VXeɈڐA
  邩łD

  CȂ΂ȂȂ㩂D܂Croot v
  ÓCO_EXCL [hŃI[vĂt@C(ʂ͊Ƀt@C
  Ύs)łĂI[vłDȂ\ꍇ
  ɂ́Copen(2) ł͂Ȃ link(2) găt@C쐬邱ƁD
  }Vœɕ̓T[o𓮍삳Ȃł΁C
  /var/log/NAME.pid ƂbNt@CC̒ pid 
  @邱ƁD̕@ɂ́CvOrŎ~܂ƃbNt@
  CcĂ܂Ƃ_邪C悭g@łC̃VX
  ec[łȒPɈƂłD

  ɁCbNt@C NFS }Egt@CVXeɒu
  \ꍇɂ́CNFS ͒ʏ̃t@Cɑ΂鑀Sɂ̓T|[g
  ĂȂƂ肪NDopen(2) ̃}jAɂ́Ĉ悤ȃP[
  XɑΏ@Ă(root ̃vÖ̖
  Ă):

  cbNsۂ [open(2)  O_CREAT tO O_EXCL tO] 
  ĂvÓCԂɂȂ\DbNt@C
  g atomic (s)t@C̃bNs@ł́Ct@C
  VXeɃj[Nȃt@C(Ⴆ΃zXg pid gݍ킹
  )邱ƂłDsɂ́Clink(2) găbNt@C
  ̃NCstat(2) gẴNJEg 2 ɑǂ
  𒲂ׂ邱ƁD link(2) VXeR[̖߂lgĂ͂ȂȂD

  9.2.  Passwords

  \ł΁CpX[hR[h͏Ȃق悢DɁCA
  vP[V[JŎĝł΁C[Uɂʏ̃OC
  F؂ɗ悤ɂ邱ƁDAvP[V CGI XNvgȂ΁Ch
  ̓EFuT[oɔCƂ悢Dlbg[Nœ삷AvP[V
  ̏ꍇ́CpX[h𕽕ő̂(łȂ)ׂłD
  ȂCŃlbg[N𗬂ꂽpX[h̓lbg[Nc[
  ȒPɏE邽߁CŎg邨ꂪ邩łDlbg[N̏
  ɂ͏ȂƂ_CWFXgpX[h̎gp邱(͔\
  IȍUɂ͎アC󓮓Iȃlbg[N͖hƂł)D

  쐬AvP[VŃpX[hꍇɂ́CpX[h炩
  ɂȂ̂ł邾邽߁Cgpɂ͂pX[hׂ
  ƁD Java ̏ꍇ́CpX[h̕ێ String ^gĂ͂ȂȂD
  ȂCString ^̓e͕ωȂł(Kx[WRNVs
  čėp܂ł͏ׂ邱Ƃ͂ȂCȂ̂炭
  ƎԂoĂł)DpX[h̕ێɂ String ^ł͂Ȃ
  char[] ^p邱ƁD΁CɏׂƂłD

  [UpX[hݒłAvP[V̏ꍇ́CpX[hm
  FCuǂvpX[h󂯕t邱(: ɂȂtł
  Cx̒铙)DǂpX[h̑IѕɂĂ
  <http://consult.cern.ch/writeup/security/security_3.html> ̏
  ׂƂ悢낤D

  9.3.  Random Numbers

  Linux J[l(1.3.30 ȍ~)ɂ͗킪ĂD́C
  mCYfoCXhCoȂǂ̓͌W߂ăGgs[v[
  D /dev/random ANZXƁCGgs[v[̗G
  ̓x𐄒肵rbgɌꂽ͈͂Ń_ȃoCg񂪕Ԃ
  (Ggs[v[̎́ČĂяo͐VmCYW܂
  ܂ł̓ubN)D /dev/urandom ƂăANZXꂽꍇ́C
  Ggs[v[łĂCvꂽ̃oCg񂪕Ԃ
  DÍɎg(: ̐)Ƀ_Ȓlĝł΁C
  /dev/random gƁDɏڂɂẮC}jA
  random(4) QƂ邱ƁD

  9.4.  Cryptographic Algorithms and Protocols

  Í̃ASYƃvgR̓VXëSmۂ邽߂ɕKvȂ
  ƂDɁCC^[lbĝ悤ɐMłȂlbg[Nʂ
  ʐM鎞͂łD\ł΁CZbṼnCWbNhC
  F؏BCɃvCoV[邽߂ɒʐMZbV̈Í
  sׂłD

  Í̃ASYƃvgR𐳂͍̂Ȃ̂ŁCł͍
  Ȃ悢D̑ɁCSSL, SSH, IPSec, GnuPG/PGP, Kerberos 
  ̕W̃vgRgƂ悢DI[vɌJĂ
  āCN̍UɂςÍASY(ɂ triple DES ܂܂
  D̃ASYɂ͕̐tĂȂ) gƁD
  ɁCÍ̐Ƃł艽Ă̂킩̂łȂ΁CƎ
  ̈ÍASYׂł͂ȂDASŶ
  ƂׂƂłD

  9.5.  Java

  Linux ̈ꕔ̃ZLeB֘AvO Java  Java z}V
  (Java Virtual Machine, JVM)gčĂD Java gS
  vO̊JɂẮCGong [1999] Ȃǂďڂ
  ĂDȉɁCdvȓ_ Gong [1999] p:

  o  pulic ȃtB[hϐgȂDtB[hϐ private Ő
     ăANZXɒ񋟂邱ƁD΃ANZXɐ邱
     ƂłD

  o  private ɂȂ\ȗRȂ΁C\bh private ɂD

  o  static ȃtB[hϐgȂD̂悤ȕϐ(NX̃CX
     ^Xł͂Ȃ)NXɊ蓖Ă邪CNX͑̑SẴNX
     猩邱ƂłĎʁCstatic ȃtB[hϐ͑̃N
     XɌ̂ŁCSɂ̂ƓȂD

  o  mutable ȃIuWFNǵCӂĂ邩ȂR[hɕԂ
     Ă͂ȂȂ(̃R[hύX邩Ȃ)D

  9.6.  PAM

  قƂǂ Linux fBXgr[Vɂ PAM (Pluggable
  Authentication Modules)Ƃ_ȃ[UF؋@\ĂDo[
  W 2.2 ̎_ł́CPAM  RedHat Linux, Caldera, Debian ɓĂ
  Do[W 3.1 ̎_ FreeBSD  PAM T|[gĂD PAM 
  pƁC쐬vOFؕ@(pX[hCSmartCard ) Ɠ
  ɂłD{Iɂ́CvO PAM ĂԂƁCPAM ̓[J̃V
  XeǗ҂pӂݒ̑g𒲂ׁCǂ́uF؃W[vKv
  sɌ肷DF(pX[h̓͂Ȃ)KvƂvO
  ꍇɂ́C PAM ɑΉׂłD Linux-PAM vWFNg
  ւ <http://www.kernel.org/pub/linux/libs/pam/index.html> 
  D

  9.7.  Miscellaneous

  vO̓ɉ炩̑O񂪂ꍇCȂƂ`FbNł
  ͎ۂɎgO(Ⴆ΃vO̍ŏ)vOŃ`FbN邱
  ƁDႦ΁Cw肳ꂽfBNg ``sticky'' rbgݒ肳Ă
  ƂɃvOˑĂȂ΁Cm߂邱ƁD̂悤Ȋm
  F͂قƂǎԂ͂ȂCdȖłDĂяoxɊm
  FƎsԂsȃeXgɂẮCȂƂCXg[Ƀe
  Xg邱ƁD

  vŐNCZbV̊JnC삪^킵ɂ́CčO
  o͂邱ƁDlƂẮCtCCUID, EUID, GID,
  EGID, [ɊւCvZX ID, R}hC̒lȂǂD
  Oۂɂ́Csyslog(3) ֐𗧂낤D

  CXg[pXNvgɂ́CłSɃvÕCXg[
  s킹邱ƁDftHgł́CSẴt@C root ܂͕ʂ̃VXe
  [ȔLɂĂC̃[U͏߂Ȃ悤ɂĂ
  ƁDɂCroot ȊÕ[UɂEBX̃CXg[h
  ƂłD\ȏꏊɂĂ root ȊÕ[UɂCXg[
  ƁD΁Croot Ȃ[UCCXg[S
  ɂ͐MpĂȂǗ҂ł̃vOgpłD

  \ł΁Croot  setuid/setgid vO͍쐬ȂƁD
  ̑ɁC[U root ƂăOC΂悢D

  R[hɏĂƁD΁C肵̂Ɨpӂꂽ̂
  ǂm߂邱ƂłD

  SɂKvvÓCÓIɃN邱ƂƂ
  DΓIÑCu͎gȂ̂ŁCIN@\
  _UhƂłD

  R[hǂގɂ́Cǂ̏vȂꍇ܂߂đSčl邱ƁD
  Ⴆ switch ꍇɂǂ case ɂvȂƂǂȂ邾낤
  ?  ``if'' ꍇɂ́CUȂǂȂ邾낤?

  vO𓮍삳鎞̓RpC̃`FbNƎs̃`FbN͕K
  LɂCpIɓȂ΃`FbNIvV͂̂܂܂ɂĂ
  ƁD Perl ̃vOł͌xtO(-w)LɂĂׂłD
  ̃tOLɂĂƁC댯镶Âdl̕ɑ΂Čx
  oĂ炦D܂CԂ taint tO(-T)LɂĂׂ
  D̃tOLɂĂƁCMłȂ͂炩̏ɒʂ
  ɒڎgp邱ƂłȂȂDZLeB֘ÃvÓCS
  Ă̌xIvVLɂԂłxbZ[WoȂ悤ɃR
  pCł悤ɂׂłD gcc g C  C++ RpC
  鎞́CȂƂȉ̃RpCtOgp(قƂǂ̌xbZ
  [WLɂȂ)CłΑSĂ̌xoȂ悤ɂ邱:

  gcc -Wall -Wpointer-arith -Wstrict-prototypes
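
  The startup checks from the beginning of this section (testing the
  sticky bit and writing an audit record with syslog(3)), as an added
  C example that is not part of the original HOWTO.  The function
  names, the program name example-prog and the choice of /tmp are
  assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700            /* S_ISVTX, O_DIRECTORY, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <syslog.h>
#include <unistd.h>

/* 1: directory with the sticky bit; 0: directory without it;
 * -1: missing, not a directory, or a symbolic link. */
int dir_is_sticky(const char *path)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        rc = (st.st_mode & S_ISVTX) ? 1 : 0;
    close(fd);
    return rc;
}

/* Build the startup audit record (syslog adds date and time itself).
 * Returns the length the full record needs, as snprintf does. */
int format_audit_record(char *out, size_t outlen, int argc, char **argv)
{
    const char *tty = ttyname(STDIN_FILENO);
    int i, n;
    n = snprintf(out, outlen, "start uid=%ld euid=%ld gid=%ld egid=%ld "
                 "pid=%ld tty=%s argv=", (long)getuid(), (long)geteuid(),
                 (long)getgid(), (long)getegid(), (long)getpid(),
                 tty ? tty : "none");
    for (i = 0; i < argc && n >= 0 && (size_t)n < outlen; i++)
        n += snprintf(out + n, outlen - (size_t)n, "[%s]", argv[i]);
    return n;
}

int main(int argc, char **argv)
{
    char rec[1024];
    const char *dir = "/tmp";        /* assumed: directory relied upon */
    openlog("example-prog", LOG_PID, LOG_AUTHPRIV);
    format_audit_record(rec, sizeof rec, argc, argv);
    syslog(LOG_INFO, "%s", rec);     /* data is an argument, never the format */
    if (dir_is_sticky(dir) != 1) {
        syslog(LOG_ERR, "%s is not a sticky directory; refusing to run", dir);
        return 1;
    }
    return 0;
}
```

  Command-line values may contain secrets or control characters, so a
  production program would filter them before logging.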

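  10.  Conclusions

  Designing and implementing a truly secure program is a genuinely
  difficult task on Linux.  The difficulty is that a truly secure
  program must respond appropriately to all possible inputs and
  environments controlled by a potentially hostile user.  This is not
  a problem unique to Linux; other general-purpose operating systems
  (such as UNIX and Windows NT) present developers with similar
  challenges.  Developers of programs that must be secure need to
  understand their platform deeply, seek out and use guidelines (such
  as this document), and apply assurance processes (such as peer
  review) to reduce the vulnerabilities of their programs.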

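  11.  References

  Note that there is a heavy emphasis on technical articles available
  on the web, since this is where most of this kind of technical
  information is available.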

  [Al-Herbish 1999] Al-Herbish, Thamer.  1999.  Secure Unix Programming
  FAQ.  <http://www.whitefang.com/sup>.

  [Aleph1 1996] Aleph1.  November 8, 1996.  ``Smashing The Stack For Fun
  And Profit.''  Phrack Magazine.  Issue 49, Article 14.
  <http://www.phrack.com>

  [Anonymous unknown] SETUID(7)
  <http://www.homeport.org/~adam/setuid.7.html>.

  [AUSCERT 1996] Australian Computer Emergency Response Team (AUSCERT)
  and O'Reilly.  May 23, 1996 (rev 3C).  A Lab Engineers Check List for
  Writing Secure Unix Code.
  <ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist>

  [Bach 1986] Bach, Maurice J.  1986.  The Design of the Unix Operating
  System.  Englewood Cliffs, NJ: Prentice-Hall, Inc.  ISBN 0-13-201799-7
  025.

  [Bellovin 1994] Bellovin, Steven M.  December 1994.  Shifting the Odds
  -- Writing (More) Secure Software.  Murray Hill, NJ: AT&T Research.
  <http://www.research.att.com/~smb/talks>

  [Bishop 1996] Bishop, Matt.  May 1996.  ``UNIX Security: Security in
  Programming.''  SANS '96. Washington DC (May 1996).
  <http://olympus.cs.ucdavis.edu/~bishop/secprog.html>

  [Bishop 1997] Bishop, Matt.  October 1997.  ``Writing Safe Privileged
  Programs.''  Network Security 1997 New Orleans, LA.
  <http://olympus.cs.ucdavis.edu/~bishop/secprog.html>

  [CC 1999] The Common Criteria for Information Technology Security
  Evaluation (CC).  August 1999.  Version 2.1.  Technically identical to
  International Standard ISO/IEC 15408:1999.
  <http://csrc.nist.gov/cc/ccv20/ccv2list.htm>

  [CERT 1998] Computer Emergency Response Team (CERT) Coordination
  Center (CERT/CC).  February 13, 1998.  Sanitizing User-Supplied Data
  in CGI Scripts.  CERT Advisory CA-97.25.CGI_metachar.
  <http://www.cert.org/advisories/CA-97.25.CGI_metachar.html>.

  [CMU 1998] Carnegie Mellon University (CMU).  February 13, 1998
  Version 1.4.  ``How To Remove Meta-characters From User-Supplied Data
  In CGI Scripts.''
  <ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters>.

  [Cowan 1999] Cowan, Crispin, Perry Wagle, Calton Pu, Steve Beattie,
  and Jonathan Walpole.  ``Buffer Overflows: Attacks and Defenses for
  the Vulnerability of the Decade.''  Proceedings of DARPA Information
  Survivability Conference and Expo (DISCEX),
  <http://schafercorp-ballston.com/discex> To appear at SANS 2000,
  <http://www.sans.org/newlook/events/sans2000.htm>.  For a copy, see
  <http://immunix.org/documentation.html>.

  [Fenzi 1999] Fenzi, Kevin, and Dave Wreski.  April 25, 1999.  Linux
  Security HOWTO.  Version 1.0.2.
  <http://www.linuxdoc.org/HOWTO/Security-HOWTO.html>

  [FreeBSD 1999] FreeBSD, Inc.  1999.  ``Secure Programming
  Guidelines.''  FreeBSD Security Information.
  <http://www.freebsd.org/security/security.html>

  [FSF 1998] Free Software Foundation.  December 17, 1999.  Overview of
  the GNU Project.  <http://www.gnu.ai.mit.edu/gnu/gnu-history.html>

  [Galvin 1998a] Galvin, Peter.  April 1998.  ``Designing Secure
  Software''.  Sunworld.
  <http://www.sunworld.com/swol-04-1998/swol-04-security.html>.

  [Galvin 1998b] Galvin, Peter.  August 1998.  ``The Unix Secure
  Programming FAQ''.  Sunworld.
  <http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html>

  [Garfinkel 1996] Garfinkel, Simson and Gene Spafford.  April 1996.
  Practical UNIX & Internet Security, 2nd Edition.  ISBN 1-56592-148-8.
  Sebastopol, CA: O'Reilly & Associates, Inc.
  <http://www.oreilly.com/catalog/puis>

  [Gong 1999] Gong, Li.  June 1999.  Inside Java 2 Platform Security.
  Reading, MA: Addison Wesley Longman, Inc.  ISBN 0-201-31000-7.

  [Gundavaram Unknown] Gundavaram, Shishir, and Tom Christiansen.  Date
  Unknown.  Perl CGI Programming FAQ.
  <http://language.perl.com/CPAN/doc/FAQs/cgi/perl-cgi-faq.html>

  [Kim 1996] Kim, Eugene Eric.  1996.  CGI Developer's Guide.  SAMS.net
  Publishing.  ISBN: 1-57521-087-8 <http://www.eekim.com/pubs/cgibook>

  [Miller 1999] Miller, Todd C. and Theo de Raadt.  ``strlcpy and
  strlcat -- Consistent, Safe, String Copy and Concatenation''
  Proceedings of Usenix '99.
  <http://www.usenix.org/events/usenix99/millert.html> and
  <http://www.usenix.org/events/usenix99/full_papers/millert/PACKING_LIST>

  [OSI 1999].  Open Source Initiative.  1999.  The Open Source
  Definition.  <http://www.opensource.org/osd.html>.

  [Pfleeger 1997] Pfleeger, Charles P.  1997.  Security in Computing.
  Upper Saddle River, NJ: Prentice-Hall PTR.  ISBN 0-13-337486-6.

  [Phillips 1995] Phillips, Paul.  September 3, 1995.  Safe CGI
  Programming.
  <http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt>

  [Raymond 1997] Raymond, Eric.  1997.  The Cathedral and the Bazaar.
  <http://www.tuxedo.org/~esr/writings/cathedral-bazaar>

  [Raymond 1998] Raymond, Eric.  April 1998.  Homesteading the
  Noosphere.
  <http://www.tuxedo.org/~esr/writings/homesteading/homesteading.html>

  [Ranum 1998] Ranum, Marcus J.  1998.  Security-critical coding for
  programmers - a C and UNIX-centric full-day tutorial.
  <http://www.clark.net/pub/mjr/pubs/pdf/>.

  [RFC 822] August 13, 1982 Standard for the Format of ARPA Internet
  Text Messages.  IETF RFC 822.  <http://www.ietf.org/rfc/rfc0822.txt>.

  [rfp 1999].  rain.forest.puppy.  ``Perl CGI problems.''  Phrack
  Magazine.  Issue 55, Article 07.  <http://www.phrack.com>.

  [Saltzer 1974] Saltzer, J.  July 1974.  ``Protection and the Control
  of Information Sharing in MULTICS.''  Communications of the ACM.  v17
  n7.  pp. 388-402.

  [Saltzer 1975] Saltzer, J., and M. Schroeder.  September 1975.  ``The
  Protection of Information in Computing Systems.''  Proceedings of the
  IEEE.  v63 n9.  pp. 1278-1308.  Summarized in [Pfleeger 1997, 286].

  [Schneier 1999] Schneier, Bruce.  September 15, 1999.  ``Open Source
  and Security.''  Crypto-Gram.  Counterpane Internet Security, Inc.
  <http://www.counterpane.com/crypto-gram-9909.html>

  [Seifried 1999] Seifried, Kurt.  October 9, 1999.  Linux
  Administrator's Security Guide.  <http://www.securityportal.com/lasg>.

  [Shostack 1999] Shostack, Adam.  June 1, 1999.  Security Code Review
  Guidelines.  <http://www.homeport.org/~adam/review.html>.

  [Sitaker 1999] Sitaker, Kragen.  Feb 26, 1999.  How to Find Security
  Holes <http://www.pobox.com/~kragen/security-holes.html> and
  <http://www.dnaco.net/~kragen/security-holes.html>

  [SSE-CMM 1999] SSE-CMM Project.  April 1999.  System Security
  Engineering Capability Maturity Model (SSE CMM) Model Description
  Document.  Version 2.0.  <http://www.sse-cmm.org>

  [Stein 1999].  Stein, Lincoln D.  September 13, 1999.  The World Wide
  Web Security FAQ.  Version 2.0.1
  <http://www.w3.org/Security/Faq/www-security-faq.html>

  [Thompson 1974] Thompson, K. and D.M. Ritchie.  July 1974.  ``The UNIX
  Time-Sharing System.''  Communications of the ACM Vol. 17, No. 7.  pp.
  365-375.

  [Torvalds 1999] Torvalds, Linus.  February 1999.  ``The Story of the
  Linux Kernel.''  Open Sources: Voices from the Open Source Revolution.
  Edited by Chris Dibona, Mark Stone, and Sam Ockman.  O'Reilly and
  Associates.  ISBN 1565925823.
  <http://www.oreilly.com/catalog/opensources/book/linus.html>

  [Webber 1999] Webber Technical Services.  February 26, 1999.  Writing
  Secure Web Applications.
  <http://www.webbertech.com/tips/web-security.html>.

  [Wood 1985] Wood, Patrick H. and Stephen G. Kochan.  1985.  Unix
  System Security.  Indianapolis, Indiana: Hayden Books.  ISBN
  0-8104-6267-2.

  [Wreski 1998] Wreski, Dave.  August 22, 1998.  Linux Security
  Administrator's Guide.  Version 0.98.
  <http://www.nic.com/~dave/SecurityAdminGuide/index.html>

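  12.  Document License

  This document is the copyrighted work of David A. Wheeler
  (Copyright (C) 1999 David A. Wheeler) and is covered by the GNU
  General Public License (GPL).  You may redistribute it freely.
  Interpret the document's source text as the ``program'' and adhere
  to the following terms: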

           This program is free software; you can redistribute it and/or modify
           it under the terms of the GNU General Public License as published by
           the Free Software Foundation; either version 2 of the License, or
           (at your option) any later version.

           This program is distributed in the hope that it will be useful,
           but WITHOUT ANY WARRANTY; without even the implied warranty of
           MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
           GNU General Public License for more details.

           You should have received a copy of the GNU General Public License
           along with this program; if not, write to the Free Software
           Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

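  13.  About the Japanese Translation

  The Japanese translation was produced by the Linux Japanese FAQ
  Project.  Please send comments on the translation to the JF Project
  <JF@linux.or.jp>.

  The revision history is shown below.

     v1.23j, 3 February 2000
        Translation: <fujiwara@linux.or.jp>

        Proofreading/technical check:

     o  <yasu@debian.or.jp>

     o  <satoshi@flab.fujitsu.co.jp>

     o  <nakano@apm.seikei.ac.jp>

     o  <uv9h-hykw@asahi-net.or.jp>

     o  <takei@cc.kochi-u.ac.jp>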

