What does "defensive programming" mean?
- Program so that, if some assumption about the input or environment is wrong, the program will detect that and do something reasonable.
- Write your program carefully so it has no syntax errors.
- Assume some of the code you write will be compiled and executed incorrectly, so the program must run correctly even if that happens.
- When you test your program, use the input that you expect the user (or the environment) to supply.
Which of the following statements about a setuid program is/are true?
- A setuid program executes with the privileges of the user executing it.
- A setuid program can only access resources available to everyone.
- A setuid program gives the user executing it additional privileges during the execution.
- A setuid program always executes with the privileges of root.
Complete the sentence: A characteristic of _____ programming is that it handles internal errors gracefully.
A program needs to obtain a set of web pages over the network, as well as perform other network functions.
Which of these best describes how this should be done?
- Put the network access code in a separate module or file, and have the program call this encapsulation whenever needed.
- Put both the network access code and the error-checking code at the beginning of the program, so the rest of the program will not have to check the future accesses; if bad, this will be caught before anything is done.
- Put the network access code into the program wherever the network is accessed; this is efficient and allows you to change the code at the point in the program where it is used.
- Put both the network access code and the web page processing code into a single module, and have the program call this encapsulation whenever needed.
What is the LAND attack?
- An attack in which the attacker sends packets with the same source and destination address.
- An attack in which the attackers flood the target system with packets more quickly than the target can process them, overwhelming the target.
- An attack in which there is a path between the attackers and the target system that does not cross water.
- The first stage of a multi-stage attack that must succeed for the attack to be successful.
Which of the following is true?
- Security problems arise from the user input, so if that is rigorously checked and bad inputs handled, your program will be robust.
- Your program can be robust and secure even if the infrastructure is not.
- A non-robust, non-secure infrastructure can corrupt your program even if the code you write is completely robust and secure.
- The infrastructure underlying your program (compilers, linkers, and so forth) has been shown to be secure, so any problems that arise must have come from your program.
Consider the environment in which a program executes. You need to be concerned about the differences between that environment and the one in which the program was developed because:
- The assumptions under which the program was developed may not hold in the new environment.
- The users may enter incorrect input, causing the program to take unexpected actions.
- The configuration of the program in the new environment must present the program with the same environment as that in which it was developed.
- The system may fail, causing the program to fail.
A network server runs with no privileges.
Why are the robustness and security of this server of concern?
- The server can send invalid data to the client, causing the client to malfunction.
- The server is on a different system than the client, so the client is getting access to the server system.
- The server can refuse to answer the client, causing a denial of service.
- The server can delay responding to the client, causing a time-out and appearing to be unavailable.
Which of the following is the most correct?
- Software composed of non-secure components will usually be non-secure.
- Software composed of secure components will never be secure.
- Software composed of secure components will always be secure.
- Software composed of non-secure components will usually be secure.
Robust programming is important because:
- Doing it provides much-needed jobs for itinerant programmers
- Software engineering licensure requires understanding it
- Without it, software firms would collapse
- Programs are ubiquitous, so a lot depends on them functioning correctly
What is the best way to ensure no data is added to or removed from the system with a DVD?
- Add a filter that detects when a DVD is inserted, and blocks all input from, and output to, that DVD.
- Add code to the kernel that turns the DVD reader/writer off, so it cannot be used.
- Search all users to ensure they do not have a DVD.
- Remove the DVD reader/writer from the computer.
Why are assumptions made by a programmer and program so important to secure programming?
- The simpler the assumptions, the faster the program will run and the less chance of a vulnerability being found.
- The program should make no assumptions, as each assumption is tied to a programming error.
- The assumptions the program makes show you what you have to trust.
- The assumptions indicate which part of the program is most secure.
A user does not trust the system administrator on a system. The administrator has root or admin access. So the user writes a program to encrypt her files when not in use, and decrypt them when she needs to use them. Assuming the cipher used cannot be broken easily (for example, RSA with 4096-bit keys, or AES-192), how good is this procedure?
- It's adequate, because the user can get the files when she needs them, but she has to go through an extra step to use them (decryption) or store them (encryption).
- It's unnecessary, because all system administrators are trustworthy; the user is wrong in not trusting him.
- It's bad, because the system administrator can read the files as they are encrypted or decrypted.
- It's very good, as the system administrator cannot read the encrypted files even though she can access any file on the system.
When writing a secure, robust program, which of the following should you check or do? (Select all that apply.)
- Erasing any passwords at the end of the program
- Error checking for non-cryptographic inputs in a cryptographic library
- Check the form of results from a DNS query