[web] Publish DCS
Petr Kovář
pmkovar at fedoraproject.org
Mon Oct 13 17:34:22 UTC 2014
commit 6ad85b9c9ccb4f8c0b2f7071cb2c1f35c70374ad
Author: Petr Kovar <pkovar at redhat.com>
Date: Mon Oct 13 19:33:48 2014 +0200
Publish DCS
fedoradocs.db | Bin 1031168 -> 1031168 bytes
public_html/Sitemap | 8 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/as-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Core.xml | 2 +-
public_html/as-IN/opds-Fedora_Documentation.xml | 2 +-
.../as-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/as-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bg-BG/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Core.xml | 2 +-
public_html/bg-BG/opds-Fedora_Documentation.xml | 2 +-
.../bg-BG/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Security_Team.xml | 4 +-
public_html/bg-BG/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bn-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Core.xml | 2 +-
public_html/bn-IN/opds-Fedora_Documentation.xml | 2 +-
.../bn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/bn-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/bs-BA/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Core.xml | 2 +-
public_html/bs-BA/opds-Fedora_Documentation.xml | 2 +-
.../bs-BA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Security_Team.xml | 4 +-
public_html/bs-BA/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ca-ES/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Core.xml | 2 +-
public_html/ca-ES/opds-Fedora_Documentation.xml | 2 +-
.../ca-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Security_Team.xml | 4 +-
public_html/ca-ES/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/cs-CZ/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Core.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Documentation.xml | 2 +-
.../cs-CZ/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Security_Team.xml | 4 +-
public_html/cs-CZ/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/da-DK/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Core.xml | 2 +-
public_html/da-DK/opds-Fedora_Documentation.xml | 2 +-
.../da-DK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Security_Team.xml | 4 +-
public_html/da-DK/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/de-DE/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Core.xml | 2 +-
public_html/de-DE/opds-Fedora_Documentation.xml | 2 +-
.../de-DE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Security_Team.xml | 4 +-
public_html/de-DE/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/el-GR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Core.xml | 2 +-
public_html/el-GR/opds-Fedora_Documentation.xml | 2 +-
.../el-GR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Security_Team.xml | 4 +-
public_html/el-GR/opds.xml | 16 +-
...ora_Security_Team-1-Defensive_Coding-en-US.epub | Bin 340639 -> 352104 bytes
.../1/html-single/Defensive_Coding/index.html | 604 ++++++++++++--------
.../appe-Defensive_Coding-Revision_History.html | 9 +-
.../1/html/Defensive_Coding/ch01s02s03s05.html | 2 +-
.../1/html/Defensive_Coding/ch01s02s03s06.html | 2 +-
.../1/html/Defensive_Coding/ch01s02s03s07.html | 2 +-
.../1/html/Defensive_Coding/ch01s03s05.html | 2 +-
.../1/html/Defensive_Coding/ch04s02.html | 2 +-
.../1/html/Defensive_Coding/ch04s03.html | 4 +-
.../1/html/Defensive_Coding/ch08s02.html | 14 +-
.../1/html/Defensive_Coding/ch08s04.html | 27 +
.../1/html/Defensive_Coding/ch11s02.html | 22 +-
.../1/html/Defensive_Coding/ch11s03.html | 40 +-
.../1/html/Defensive_Coding/ch11s05.html | 24 +-
.../1/html/Defensive_Coding/ch12s02.html | 18 +-
.../1/html/Defensive_Coding/ch12s03.html | 41 ++
.../1/html/Defensive_Coding/ch12s05.html | 15 +
.../1/html/Defensive_Coding/ch13s02.html | 28 +-
.../1/html/Defensive_Coding/ch13s04.html | 27 +
.../1/html/Defensive_Coding/ch13s06.html | 15 +
.../1/html/Defensive_Coding/ch14s02.html | 31 +
.../chap-Defensive_Coding-Authentication.html | 8 +-
.../Defensive_Coding/chap-Defensive_Coding-C.html | 2 +-
.../chap-Defensive_Coding-CXX.html | 10 +-
.../chap-Defensive_Coding-Go-Error_Handling.html | 14 +-
...chap-Defensive_Coding-Go-Garbage_Collector.html | 6 +-
.../chap-Defensive_Coding-Go-Marshaling.html | 13 +
.../Defensive_Coding/chap-Defensive_Coding-Go.html | 10 +-
.../chap-Defensive_Coding-Python.html | 12 +-
.../chap-Defensive_Coding-Shell.html | 15 +
.../chap-Defensive_Coding-TLS.html | 24 +-
.../chap-Defensive_Coding-Tasks-Cryptography.html | 8 +-
.../chap-Defensive_Coding-Tasks-File_System.html | 12 +-
...chap-Defensive_Coding-Tasks-Library_Design.html | 12 +-
.../chap-Defensive_Coding-Tasks-Packaging.html | 18 +-
.../chap-Defensive_Coding-Tasks-Serialization.html | 8 +-
...Defensive_Coding-Tasks-Temporary_Directory.html | 8 +-
...hap-Defensive_Coding-Tasks-Temporary_Files.html | 12 +-
.../chap-Defensive_Coding-Vala.html | 6 +-
.../1/html/Defensive_Coding/index.html | 6 +-
.../1/html/Defensive_Coding/pt01.html | 2 +-
.../1/html/Defensive_Coding/pt02.html | 2 +-
.../1/html/Defensive_Coding/pt03.html | 2 +-
...Defensive_Coding-Authentication-Host_based.html | 6 +-
...ct-Defensive_Coding-Authentication-Netlink.html | 6 +-
...efensive_Coding-Authentication-UNIX_Domain.html | 6 +-
.../sect-Defensive_Coding-C-Allocators.html | 6 +-
.../sect-Defensive_Coding-C-Avoid.html | 8 +-
...ct-Defensive_Coding-Shell-Double_Expansion.html | 47 ++
.../sect-Defensive_Coding-Shell-Edit_Guard.html | 17 +
...ct-Defensive_Coding-Shell-Input_Validation.html | 24 +
.../sect-Defensive_Coding-Shell-Invoke.html | 21 +
.../sect-Defensive_Coding-Shell-Language.html | 23 +
.../sect-Defensive_Coding-Shell-Obscure.html | 19 +
...ect-Defensive_Coding-Shell-Temporary_Files.html | 21 +
.../sect-Defensive_Coding-Shell-Types.html | 37 ++
.../sect-Defensive_Coding-TLS-Client-GNUTLS.html | 32 +-
.../sect-Defensive_Coding-TLS-Client-NSS.html | 26 +-
.../sect-Defensive_Coding-TLS-Client-OpenJDK.html | 32 +-
.../sect-Defensive_Coding-TLS-Client-Python.html | 16 +-
.../sect-Defensive_Coding-TLS-Client.html | 32 +-
...e_Coding-Tasks-Descriptors-Child_Processes.html | 8 +-
...t-Defensive_Coding-Tasks-Descriptors-Limit.html | 6 +-
.../sect-Defensive_Coding-Tasks-Descriptors.html | 16 +-
...efensive_Coding-Tasks-File_System-Features.html | 6 +-
...Defensive_Coding-Tasks-File_System-Foreign.html | 8 +-
...ensive_Coding-Tasks-File_System-Free_Space.html | 6 +-
...-Defensive_Coding-Tasks-File_System-Limits.html | 6 +-
...sive_Coding-Tasks-Library_Design-Callbacks.html | 6 +-
...oding-Tasks-Packaging-Certificates-Service.html | 10 +-
...t-Defensive_Coding-Tasks-Processes-Daemons.html | 6 +-
...nsive_Coding-Tasks-Processes-Fork-Parallel.html | 6 +-
.../sect-Defensive_Coding-Tasks-Processes.html | 24 +-
...e_Coding-Tasks-Serialization-Fragmentation.html | 10 +-
...ct-Defensive_Coding-Tasks-Serialization-Qt.html | 18 +-
...ve_Coding-Tasks-Serialization-XML-Entities.html | 6 +-
...nsive_Coding-Tasks-Serialization-XML-Expat.html | 14 +-
...asks-Serialization-XML-OpenJDK_Parse-Other.html | 8 +-
...-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html | 16 +-
...ding-Tasks-Serialization-XML-OpenJDK_Parse.html | 24 +-
..._Coding-Tasks-Serialization-XML-Validation.html | 6 +-
...ve_Coding-Tasks-Serialization-XML-XInclude.html | 6 +-
...t-Defensive_Coding-Tasks-Serialization-XML.html | 8 +-
...dora_Security_Team-1-Defensive_Coding-en-US.pdf | Bin 649928 -> 695853 bytes
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/en-US/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Core.xml | 2 +-
public_html/en-US/opds-Fedora_Documentation.xml | 2 +-
.../en-US/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Security_Team.xml | 4 +-
public_html/en-US/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/es-ES/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Core.xml | 2 +-
public_html/es-ES/opds-Fedora_Documentation.xml | 2 +-
.../es-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Security_Team.xml | 4 +-
public_html/es-ES/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fa-IR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Core.xml | 2 +-
public_html/fa-IR/opds-Fedora_Documentation.xml | 2 +-
.../fa-IR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Security_Team.xml | 4 +-
public_html/fa-IR/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fi-FI/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Core.xml | 2 +-
public_html/fi-FI/opds-Fedora_Documentation.xml | 2 +-
.../fi-FI/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Security_Team.xml | 4 +-
public_html/fi-FI/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/fr-FR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Core.xml | 2 +-
public_html/fr-FR/opds-Fedora_Documentation.xml | 2 +-
.../fr-FR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Security_Team.xml | 4 +-
public_html/fr-FR/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/gu-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Core.xml | 2 +-
public_html/gu-IN/opds-Fedora_Documentation.xml | 2 +-
.../gu-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/gu-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/he-IL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Core.xml | 2 +-
public_html/he-IL/opds-Fedora_Documentation.xml | 2 +-
.../he-IL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Security_Team.xml | 4 +-
public_html/he-IL/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hi-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Core.xml | 2 +-
public_html/hi-IN/opds-Fedora_Documentation.xml | 2 +-
.../hi-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/hi-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/hu-HU/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Core.xml | 2 +-
public_html/hu-HU/opds-Fedora_Documentation.xml | 2 +-
.../hu-HU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Security_Team.xml | 4 +-
public_html/hu-HU/opds.xml | 16 +-
.../ia/opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ia/opds-Fedora.xml | 2 +-
.../ia/opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Core.xml | 2 +-
public_html/ia/opds-Fedora_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ia/opds-Fedora_Security_Team.xml | 4 +-
public_html/ia/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/id-ID/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Core.xml | 2 +-
public_html/id-ID/opds-Fedora_Documentation.xml | 2 +-
.../id-ID/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Security_Team.xml | 4 +-
public_html/id-ID/opds.xml | 16 +-
public_html/index.html | 2 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/it-IT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Core.xml | 2 +-
public_html/it-IT/opds-Fedora_Documentation.xml | 2 +-
.../it-IT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Security_Team.xml | 4 +-
public_html/it-IT/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ja-JP/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Core.xml | 2 +-
public_html/ja-JP/opds-Fedora_Documentation.xml | 2 +-
.../ja-JP/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Security_Team.xml | 4 +-
public_html/ja-JP/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/kn-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Core.xml | 2 +-
public_html/kn-IN/opds-Fedora_Documentation.xml | 2 +-
.../kn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/kn-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ko-KR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Core.xml | 2 +-
public_html/ko-KR/opds-Fedora_Documentation.xml | 2 +-
.../ko-KR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Security_Team.xml | 4 +-
public_html/ko-KR/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/lt-LT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/lt-LT/opds-Fedora_Core.xml | 2 +-
public_html/lt-LT/opds-Fedora_Documentation.xml | 2 +-
.../lt-LT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/lt-LT/opds-Fedora_Security_Team.xml | 4 +-
public_html/lt-LT/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ml-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Core.xml | 2 +-
public_html/ml-IN/opds-Fedora_Documentation.xml | 2 +-
.../ml-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/ml-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/mr-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Core.xml | 2 +-
public_html/mr-IN/opds-Fedora_Documentation.xml | 2 +-
.../mr-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/mr-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nb-NO/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Core.xml | 2 +-
public_html/nb-NO/opds-Fedora_Documentation.xml | 2 +-
.../nb-NO/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Security_Team.xml | 4 +-
public_html/nb-NO/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/nl-NL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Core.xml | 2 +-
public_html/nl-NL/opds-Fedora_Documentation.xml | 2 +-
.../nl-NL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Security_Team.xml | 4 +-
public_html/nl-NL/opds.xml | 16 +-
public_html/opds.xml | 92 ++--
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/or-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Core.xml | 2 +-
public_html/or-IN/opds-Fedora_Documentation.xml | 2 +-
.../or-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/or-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pa-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Core.xml | 2 +-
public_html/pa-IN/opds-Fedora_Documentation.xml | 2 +-
.../pa-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/pa-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pl-PL/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Core.xml | 2 +-
public_html/pl-PL/opds-Fedora_Documentation.xml | 2 +-
.../pl-PL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Security_Team.xml | 4 +-
public_html/pl-PL/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-BR/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Core.xml | 2 +-
public_html/pt-BR/opds-Fedora_Documentation.xml | 2 +-
.../pt-BR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Security_Team.xml | 4 +-
public_html/pt-BR/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/pt-PT/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Core.xml | 2 +-
public_html/pt-PT/opds-Fedora_Documentation.xml | 2 +-
.../pt-PT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Security_Team.xml | 4 +-
public_html/pt-PT/opds.xml | 16 +-
.../ro/opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ro/opds-Fedora.xml | 2 +-
.../ro/opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Core.xml | 2 +-
public_html/ro/opds-Fedora_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ro/opds-Fedora_Security_Team.xml | 4 +-
public_html/ro/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ru-RU/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Core.xml | 2 +-
public_html/ru-RU/opds-Fedora_Documentation.xml | 2 +-
.../ru-RU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Security_Team.xml | 4 +-
public_html/ru-RU/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sk-SK/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Core.xml | 2 +-
public_html/sk-SK/opds-Fedora_Documentation.xml | 2 +-
.../sk-SK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Security_Team.xml | 4 +-
public_html/sk-SK/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora_Core.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Documentation.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Security_Team.xml | 4 +-
public_html/sr-Latn-RS/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sr-RS/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Core.xml | 2 +-
public_html/sr-RS/opds-Fedora_Documentation.xml | 2 +-
.../sr-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Security_Team.xml | 4 +-
public_html/sr-RS/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/sv-SE/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Core.xml | 2 +-
public_html/sv-SE/opds-Fedora_Documentation.xml | 2 +-
.../sv-SE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Security_Team.xml | 4 +-
public_html/sv-SE/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/ta-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Core.xml | 2 +-
public_html/ta-IN/opds-Fedora_Documentation.xml | 2 +-
.../ta-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/ta-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/te-IN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Core.xml | 2 +-
public_html/te-IN/opds-Fedora_Documentation.xml | 2 +-
.../te-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Security_Team.xml | 4 +-
public_html/te-IN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/uk-UA/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Core.xml | 2 +-
public_html/uk-UA/opds-Fedora_Documentation.xml | 2 +-
.../uk-UA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Security_Team.xml | 4 +-
public_html/uk-UA/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-CN/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Core.xml | 2 +-
public_html/zh-CN/opds-Fedora_Documentation.xml | 2 +-
.../zh-CN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Security_Team.xml | 4 +-
public_html/zh-CN/opds.xml | 16 +-
.../opds-Community_Services_Infrastructure.xml | 2 +-
public_html/zh-TW/opds-Fedora.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Core.xml | 2 +-
public_html/zh-TW/opds-Fedora_Documentation.xml | 2 +-
.../zh-TW/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Security_Team.xml | 4 +-
public_html/zh-TW/opds.xml | 16 +-
448 files changed, 1898 insertions(+), 1386 deletions(-)
---
diff --git a/fedoradocs.db b/fedoradocs.db
index 3aa3b19..8e170d0 100755
Binary files a/fedoradocs.db and b/fedoradocs.db differ
diff --git a/public_html/Sitemap b/public_html/Sitemap
index 41cb8a5..1b958da 100644
--- a/public_html/Sitemap
+++ b/public_html/Sitemap
@@ -5720,25 +5720,25 @@
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub</loc>
- <lastmod>2014-07-21</lastmod>
+ <lastmod>2014-10-13</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html</loc>
- <lastmod>2014-07-21</lastmod>
+ <lastmod>2014-10-13</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html</loc>
- <lastmod>2014-07-21</lastmod>
+ <lastmod>2014-10-13</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf</loc>
- <lastmod>2014-07-21</lastmod>
+ <lastmod>2014-10-13</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
diff --git a/public_html/as-IN/opds-Community_Services_Infrastructure.xml b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
index 31c4018..c68fc9d 100644
--- a/public_html/as-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/as-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora.xml b/public_html/as-IN/opds-Fedora.xml
index 5b629d9..298a79f 100644
--- a/public_html/as-IN/opds-Fedora.xml
+++ b/public_html/as-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
index b52bc0a..cacf556 100644
--- a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Core.xml b/public_html/as-IN/opds-Fedora_Core.xml
index f3463fa..7b50910 100644
--- a/public_html/as-IN/opds-Fedora_Core.xml
+++ b/public_html/as-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Documentation.xml b/public_html/as-IN/opds-Fedora_Documentation.xml
index 29838e7..afdbc2c 100644
--- a/public_html/as-IN/opds-Fedora_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
index c9304c1..489ad37 100644
--- a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Security_Team.xml b/public_html/as-IN/opds-Fedora_Security_Team.xml
index 6ebc932..c51d048 100644
--- a/public_html/as-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/as-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>as-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/as-IN/opds.xml b/public_html/as-IN/opds.xml
index 4592cca..907968e 100644
--- a/public_html/as-IN/opds.xml
+++ b/public_html/as-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/as-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/as-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:38</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:37</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
index 753e723..04a132c 100644
--- a/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bg-BG/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora.xml b/public_html/bg-BG/opds-Fedora.xml
index 86bee0d..f903027 100644
--- a/public_html/bg-BG/opds-Fedora.xml
+++ b/public_html/bg-BG/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
index 345cb7c..2627ee3 100644
--- a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Core.xml b/public_html/bg-BG/opds-Fedora_Core.xml
index 78bac5e..98dff50 100644
--- a/public_html/bg-BG/opds-Fedora_Core.xml
+++ b/public_html/bg-BG/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Documentation.xml b/public_html/bg-BG/opds-Fedora_Documentation.xml
index e152a51..d1ef7eb 100644
--- a/public_html/bg-BG/opds-Fedora_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
index f4b2236..77faf8c 100644
--- a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Security_Team.xml b/public_html/bg-BG/opds-Fedora_Security_Team.xml
index b1fe91d..2c64ae8 100644
--- a/public_html/bg-BG/opds-Fedora_Security_Team.xml
+++ b/public_html/bg-BG/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>bg-BG</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bg-BG/opds.xml b/public_html/bg-BG/opds.xml
index 8bfecf0..46b4338 100644
--- a/public_html/bg-BG/opds.xml
+++ b/public_html/bg-BG/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bg-BG/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bg-BG/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
index 5107d9f..ed72732 100644
--- a/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora.xml b/public_html/bn-IN/opds-Fedora.xml
index f5f819f..35c5979 100644
--- a/public_html/bn-IN/opds-Fedora.xml
+++ b/public_html/bn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
index dffba79..df0db68 100644
--- a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Core.xml b/public_html/bn-IN/opds-Fedora_Core.xml
index 772df67..36724d3 100644
--- a/public_html/bn-IN/opds-Fedora_Core.xml
+++ b/public_html/bn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Documentation.xml b/public_html/bn-IN/opds-Fedora_Documentation.xml
index 435e748..2217610 100644
--- a/public_html/bn-IN/opds-Fedora_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
index 2ebec47..f151fa6 100644
--- a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Security_Team.xml b/public_html/bn-IN/opds-Fedora_Security_Team.xml
index c8b8d26..e61d99c 100644
--- a/public_html/bn-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/bn-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>bn-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bn-IN/opds.xml b/public_html/bn-IN/opds.xml
index 1aafd5a..b16c73d 100644
--- a/public_html/bn-IN/opds.xml
+++ b/public_html/bn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
index 4e7ee81..45297b3 100644
--- a/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/bs-BA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora.xml b/public_html/bs-BA/opds-Fedora.xml
index 853ceda..732d1be 100644
--- a/public_html/bs-BA/opds-Fedora.xml
+++ b/public_html/bs-BA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
index f7b4554..0aa89b7 100644
--- a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Core.xml b/public_html/bs-BA/opds-Fedora_Core.xml
index 7f34261..31c636a 100644
--- a/public_html/bs-BA/opds-Fedora_Core.xml
+++ b/public_html/bs-BA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Documentation.xml b/public_html/bs-BA/opds-Fedora_Documentation.xml
index 70c687c..a3daf32 100644
--- a/public_html/bs-BA/opds-Fedora_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
index 5a6c9fe..578e9a7 100644
--- a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Security_Team.xml b/public_html/bs-BA/opds-Fedora_Security_Team.xml
index 5053c6d..726bb94 100644
--- a/public_html/bs-BA/opds-Fedora_Security_Team.xml
+++ b/public_html/bs-BA/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>bs-BA</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bs-BA/opds.xml b/public_html/bs-BA/opds.xml
index 9eee1fb..db36d07 100644
--- a/public_html/bs-BA/opds.xml
+++ b/public_html/bs-BA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bs-BA/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/bs-BA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
index 11d2a2c..5933abe 100644
--- a/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ca-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora.xml b/public_html/ca-ES/opds-Fedora.xml
index 4373c32..b889e8f 100644
--- a/public_html/ca-ES/opds-Fedora.xml
+++ b/public_html/ca-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
index 5c6633b..727ae0d 100644
--- a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Core.xml b/public_html/ca-ES/opds-Fedora_Core.xml
index d21c58f..f5063be 100644
--- a/public_html/ca-ES/opds-Fedora_Core.xml
+++ b/public_html/ca-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Documentation.xml b/public_html/ca-ES/opds-Fedora_Documentation.xml
index 2a91106..5e6121c 100644
--- a/public_html/ca-ES/opds-Fedora_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
index e70e664..741ef34 100644
--- a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Security_Team.xml b/public_html/ca-ES/opds-Fedora_Security_Team.xml
index f5edb77..53c7855 100644
--- a/public_html/ca-ES/opds-Fedora_Security_Team.xml
+++ b/public_html/ca-ES/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ca-ES</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ca-ES/opds.xml b/public_html/ca-ES/opds.xml
index a9c3e62..3605b84 100644
--- a/public_html/ca-ES/opds.xml
+++ b/public_html/ca-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ca-ES/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ca-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
index 9504de9..05b6ea5 100644
--- a/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
+++ b/public_html/cs-CZ/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora.xml b/public_html/cs-CZ/opds-Fedora.xml
index 9cc4f35..694bfa3 100644
--- a/public_html/cs-CZ/opds-Fedora.xml
+++ b/public_html/cs-CZ/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
index 344e12e..0de482e 100644
--- a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Core.xml b/public_html/cs-CZ/opds-Fedora_Core.xml
index 15e5d0e..e9bafc2 100644
--- a/public_html/cs-CZ/opds-Fedora_Core.xml
+++ b/public_html/cs-CZ/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Documentation.xml
index a0d1d4a..c9a4e46 100644
--- a/public_html/cs-CZ/opds-Fedora_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
index a3d5e65..cc9d9d5 100644
--- a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Security_Team.xml b/public_html/cs-CZ/opds-Fedora_Security_Team.xml
index da85c96..f91cc90 100644
--- a/public_html/cs-CZ/opds-Fedora_Security_Team.xml
+++ b/public_html/cs-CZ/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>cs-CZ</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/cs-CZ/opds.xml b/public_html/cs-CZ/opds.xml
index aa2b62c..ab1ed06 100644
--- a/public_html/cs-CZ/opds.xml
+++ b/public_html/cs-CZ/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/cs-CZ/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/cs-CZ/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/da-DK/opds-Community_Services_Infrastructure.xml b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
index 798e60c..89103cf 100644
--- a/public_html/da-DK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/da-DK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora.xml b/public_html/da-DK/opds-Fedora.xml
index d177d51..75d0a52 100644
--- a/public_html/da-DK/opds-Fedora.xml
+++ b/public_html/da-DK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
index 0894b95..7ae0fda 100644
--- a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Core.xml b/public_html/da-DK/opds-Fedora_Core.xml
index 590e203..8dd84c5 100644
--- a/public_html/da-DK/opds-Fedora_Core.xml
+++ b/public_html/da-DK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Documentation.xml b/public_html/da-DK/opds-Fedora_Documentation.xml
index c2b4e1c..b166c98 100644
--- a/public_html/da-DK/opds-Fedora_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
index 293b1b2..3220b42 100644
--- a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Security_Team.xml b/public_html/da-DK/opds-Fedora_Security_Team.xml
index be6e97a..47892ea 100644
--- a/public_html/da-DK/opds-Fedora_Security_Team.xml
+++ b/public_html/da-DK/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>da-DK</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/da-DK/opds.xml b/public_html/da-DK/opds.xml
index d3b1f83..864bb4c 100644
--- a/public_html/da-DK/opds.xml
+++ b/public_html/da-DK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/da-DK/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/da-DK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/de-DE/opds-Community_Services_Infrastructure.xml b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
index 659a756..3d5e7c6 100644
--- a/public_html/de-DE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/de-DE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora.xml b/public_html/de-DE/opds-Fedora.xml
index f21ba00..57c2d69 100644
--- a/public_html/de-DE/opds-Fedora.xml
+++ b/public_html/de-DE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
index 26d86f4..b375e46 100644
--- a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Core.xml b/public_html/de-DE/opds-Fedora_Core.xml
index 422135a..d4e9304 100644
--- a/public_html/de-DE/opds-Fedora_Core.xml
+++ b/public_html/de-DE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Documentation.xml b/public_html/de-DE/opds-Fedora_Documentation.xml
index 7466fe8..e9f9572 100644
--- a/public_html/de-DE/opds-Fedora_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
index 064356d..47ea2f6 100644
--- a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Security_Team.xml b/public_html/de-DE/opds-Fedora_Security_Team.xml
index 90a0f98..7cb71a8 100644
--- a/public_html/de-DE/opds-Fedora_Security_Team.xml
+++ b/public_html/de-DE/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>de-DE</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/de-DE/opds.xml b/public_html/de-DE/opds.xml
index 00ab2ee..44cea38 100644
--- a/public_html/de-DE/opds.xml
+++ b/public_html/de-DE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/de-DE/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/de-DE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/el-GR/opds-Community_Services_Infrastructure.xml b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
index 3ce3b20..c82184b 100644
--- a/public_html/el-GR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/el-GR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora.xml b/public_html/el-GR/opds-Fedora.xml
index 6bce6e3..3635dc5 100644
--- a/public_html/el-GR/opds-Fedora.xml
+++ b/public_html/el-GR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
index a0d5c14..6f43c76 100644
--- a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Core.xml b/public_html/el-GR/opds-Fedora_Core.xml
index bd10a60..149ed38 100644
--- a/public_html/el-GR/opds-Fedora_Core.xml
+++ b/public_html/el-GR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Documentation.xml b/public_html/el-GR/opds-Fedora_Documentation.xml
index 5b2faad..e4653e3 100644
--- a/public_html/el-GR/opds-Fedora_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
index 430ffe4..617e398 100644
--- a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Security_Team.xml b/public_html/el-GR/opds-Fedora_Security_Team.xml
index c67601f..a0f2ca4 100644
--- a/public_html/el-GR/opds-Fedora_Security_Team.xml
+++ b/public_html/el-GR/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>el-GR</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/el-GR/opds.xml b/public_html/el-GR/opds.xml
index a557f12..7cd497b 100644
--- a/public_html/el-GR/opds.xml
+++ b/public_html/el-GR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/el-GR/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/el-GR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub b/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub
index 54d2dfb..13772a3 100644
Binary files a/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub and b/public_html/en-US/Fedora_Security_Team/1/epub/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.epub differ
diff --git a/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html b/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
index 733d609..1f10f31 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html-single/Defensive_Coding/index.html
@@ -6,10 +6,10 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idm225446880576" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225446880576" class="title">Defensive
Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idm225448564896" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225448564896" class="title">Defensive
Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225468071376" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225436144016" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"></span>© 2012-2014 Red Hat, Inc.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
@@ -31,7 +31,7 @@
All other trademarks are the property of their respective owners.
</div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.
- </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="#idm225447251568">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard l
ibrary</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><s
pan class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a hr
ef="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java
">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private
parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges<
/a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defens
ive_Coding-Vala">6. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="#idm225446782352">II. Specific Programming Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">8. File Descriptor
Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_System">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defen
sive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">1
0.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.
3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a
href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-T
asks-Serialization-XML">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJD
K_Parse">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Packaging">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class
="part"><a href="#idm225439368352">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-TLS">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls
">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Cl
ients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Defensive_Coding-Revision_History">A. Revision History</a></span></dt></dl></div><div class="part" id="idm225447251568"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefi
ned">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a hre
f="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></s
pan></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult t
o use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="
section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="sect
ion"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt
></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Vala">6. The Vala Programming Language</a></span></dt></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defens
ive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span cla
ss="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225434627312">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapp
er functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><div class="para">
+ </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="#idm225448637200">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard l
ibrary</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451922256">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><s
pan class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225457065376">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225488414944">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225479524304">2.1.2. Overloading</a></span></dt><dt><span class="section"><a hr
ef="#idm225479527536">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java
">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private
parts</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges<
/a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225400167216">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225428064608">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225353336832">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Shell">5. Shell Programming and <span class="application"><strong>bash</strong></span></a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Language">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Paramet
er expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Double_Expansion">5.2.2. Double expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Obscure">5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Invoke">5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Temporary_Files">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Input_Validation">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Edit_Guard">5.6. Guarding shell scripts against changes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">6. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">6.1. Memory sa
fety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">6.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Marshaling">6.4. Marshaling and unmarshaling</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Vala">7. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="#idm225430151904">II. Specific Programming Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">8. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225442354272">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225460623712">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225445373952">8.1.2. Handles</a></sp
an></dt></dl></dd><dt><span class="section"><a href="#idm225465970912">8.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225427877808">8.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">9. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225453644928">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225457482448">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225433132304">9.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225443666496">9.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Pr
ocesses">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">9.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_System">10. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">10.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">10.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">10.4. File system features</a></span></dt><dt><span class="section"><a href="#sect
-Defensive_Coding-Tasks-File_System-Free_Space">10.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">11. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225390206256">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225406332272">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225454191968">11.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">12. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defens
ive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225447651360">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225399548240">12.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225455450336">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225459931232">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</
code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">12.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225443789280">12.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">12.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">13. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225488466928">13.2. Protocol design</a></span></dt><dt><span cla
ss="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225432336176">13.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">13.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-
Validation">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">13.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">13.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">13.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225490272272">13.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">14. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225484622624">14.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225440268992">14.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Pack
aging">15. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">15.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="#idm225445121008">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">16. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">16.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authenticati
on-UNIX_Domain">16.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-TLS">17. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#s
ect-Defensive_Coding-TLS-Client">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225446049504">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="#appe-Defensive_Coding-Revision_History">A. Revision History</a></span></dt></dl></div><div class="part" id="idm225448637200"><div class="titlepage"><div><div text-align="center"><h1 clas
s="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-C">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><
dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451922256">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#s
ect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225457065376">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-CXX">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225488414944">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225479524304">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225479527536">2.1.3. AB
I compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Java">3. The Java Programming Langu
age</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-LowLevel">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt
><span class="section"><a href="#sect-Defensive_Coding-Java-JNI">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-MiscUnsafe">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Activate">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Unprivileged">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Java-SecurityManager-Privileged">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl><
/dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Python">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225400167216">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225428064608">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225353336832">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Shell">5. Shell Programming and <span class="application"><strong>bash</strong></span></a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Language">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Parameter expansion</a></span></dt><dt
><span class="section"><a href="#sect-Defensive_Coding-Shell-Double_Expansion">5.2.2. Double expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Obscure">5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Invoke">5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Temporary_Files">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Input_Validation">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Edit_Guard">5.6. Guarding shell scripts against changes</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Go">6. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">6.1. Memory safety</a></span></dt><dt><span c
lass="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">6.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Marshaling">6.4. Marshaling and unmarshaling</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Vala">7. The Vala Programming Language</a></span></dt></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Po
inters">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Libc">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Avoid">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-String-Functions-Length">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="secti
on"><a href="#idm225451922256">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-alloca">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Arrays">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-C-Allocators-Custom">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="#idm225457065376">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-C-Other">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" la
ng="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><div class="para">
C provides no memory safety. Most recommendations in this section deal with this aspect of the language.
</div><div class="section" id="sect-Defensive_Coding-C-Undefined"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.1. Undefined behavior</h3></div></div></div><div class="para">
Some C constructs are defined to be undefined by the C standard. This does not only mean that the standard does not describe what happens when the construct is executed. It also allows optimizing compilers such as GCC to assume that this particular construct is never reached. In some cases, this has caused GCC to optimize security checks away. (This is not a flaw in GCC or the C language. But C certainly has some areas which are more difficult to use than others.)
@@ -206,17 +206,17 @@ mul(<span class="perl_DataType">unsigned</span> a, <span class="perl_DataType">u
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">alloca</code> ⟶ <code class="function">malloc</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strdupa</code> ⟶ <code class="function">strdup</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strndupa</code> ⟶ <code class="function">strndup</code> and <code class="function">free</code> (see <a class="xref" href="#sect-Defensive_Coding-C-Allocators-alloca">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-execve">Section 11.1.2, “Bypassing the shell”</a>)
+ <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-execve">Section 12.1.2, “Bypassing the shell”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-C-String-Functions-Length"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.2.3. String Functions With Explicit Length Arguments</h3></div></div></div><div class="para">
The C run-time library provides string manipulation functions which not just look for NUL characters for string termination, but also honor explicit lengths provided by the caller. However, these functions evolved over a long period of time, and the lengths mean different things depending on the function.
</div><div class="section" id="sect-Defensive_Coding-C-Libc-snprintf"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">1.2.3.1. <code class="literal">snprintf</code></h4></div></div></div><div class="para">
@@ -283,15 +283,15 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
But you should must not dynamically construct format strings to avoid concatenation because this would prevent GCC from type-checking the argument lists.
</div><div class="para">
It is not possible to use format strings like <code class="literal">"%s%s"</code> to implement concatenation, unless you use separate buffers. <code class="function">snprintf</code> does not support overlapping source and target strings.
- </div></div><div class="section" id="idm225470486352"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470486352">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225457712640"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225457712640">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
Some systems support <code class="function">strlcpy</code> and <code class="function">strlcat</code> functions which behave this way, but these functions are not part of GNU libc. <code class="function">strlcpy</code> is often replaced with <code class="function">snprintf</code> with a <code class="literal">"%s"</code> format string. See <a class="xref" href="#sect-Defensive_Coding-C-Libc-strncpy">Section 1.2.3.3, “<code class="function">strncpy</code>”</a> for a caveat related to the <code class="function">snprintf</code> return value.
</div><div class="para">
To emulate <code class="function">strlcat</code>, use the approach described in <a class="xref" href="#sect-Defensive_Coding-C-Libc-strncat">Section 1.2.3.4, “<code class="function">strncat</code>”</a>.
- </div></div><div class="section" id="idm225473154784"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225473154784">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225433046912"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225433046912">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
ISO C11 adds another set of length-checking functions, but GNU libc currently does not implement them.
- </div></div><div class="section" id="idm225464812288"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225464812288">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225466727360"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225466727360">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means.
- </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225450178096"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225450178096">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
+ </div></div></div></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225451922256"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451922256">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
The C library interfaces for memory allocation are provided by <code class="function">malloc</code>, <code class="function">free</code> and <code class="function">realloc</code>, and the <code class="function">calloc</code> function. In addition to these generic functions, there are derived functions such as <code class="function">strdup</code> which perform allocation using <code class="function">malloc</code> internally, but do not return untyped heap memory (which could be used for any object).
</div><div class="para">
The C compiler knows about these functions and can use their expected behavior for optimizations. For instance, the compiler assumes that an existing pointer (or a pointer derived from an existing pointer by arithmetic) will not point into the memory area returned by <code class="function">malloc</code>.
@@ -301,10 +301,10 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
After <code class="function">free</code>, the pointer is invalid. Further pointer dereferences are not allowed (and are usually detected by <span class="application"><strong>valgrind</strong></span>). Less obvious is that any <span class="emphasis"><em>use</em></span> of the old pointer value is not allowed, either. In particular, comparisons with any other pointer (or the null pointer) are undefined according to the C standard.
</div><div class="para">
The same rules apply to <code class="function">realloc</code> if the memory area cannot be enlarged in-place. For instance, the compiler may assume that a comparison between the old and new pointer will always return false, so it is impossible to detect movement this way.
- </div></div><div class="section" id="idm225462453888"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225462453888">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225460048864"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225460048864">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
Recovering from out-of-memory errors is often difficult or even impossible. In these cases, <code class="function">malloc</code> and other allocation functions return a null pointer. Dereferencing this pointer lead to a crash. Such dereferences can even be exploitable for code execution if the dereference is combined with an array subscript.
</div><div class="para">
- In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
+ In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 13.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
</div></div></div><div class="section" id="sect-Defensive_Coding-C-Allocators-alloca"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</h3></div></div></div><div class="para">
Allocation on the stack is risky because stack overflow checking is implicit. There is a guard page at the end of the memory area reserved for the stack. If the program attempts to read from or write to this guard page, a <code class="literal">SIGSEGV</code> signal is generated and the program typically terminates.
</div><div class="para">
@@ -331,7 +331,7 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
Size computations for array allocations need overflow checking. See <a class="xref" href="#sect-Defensive_Coding-C-Allocators-Arrays">Section 1.3.3, “Array allocation”</a>.
</div></li><li class="listitem"><div class="para">
It can be difficult to beat well-tuned general-purpose allocators. In micro-benchmarks, pool allocators can show huge wins, and size-specific pools can reduce internal fragmentation. But often, utilization of individual pools is poor, and external fragmentation increases the overall memory usage.
- </div></li></ul></div></div><div class="section" id="idm225434627312"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225434627312">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="idm225457065376"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225457065376">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
Garbage collection can be an alternative to explicit memory management using <code class="function">malloc</code> and <code class="function">free</code>. The Boehm-Dehmers-Weiser allocator can be used from C programs, with minimal type annotations. Performance is competitive with <code class="function">malloc</code> on 64-bit architectures, especially for multi-threaded programs. The stop-the-world pauses may be problematic for some real-time applications, though.
</div><div class="para">
However, using a conservative garbage collector may reduce opertunities for code reduce because once one library in a program uses garbage collection, the whole process memory needs to be subject to it, so that no pointers are missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for internal use, so it is not fully transparent to the rest of the program.
@@ -349,21 +349,21 @@ snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_S
Duplicating the buffer length checks based on the <code class="function">__builtin_object_size</code> GCC builtin is desirable if the wrapper processes arrays. (This functionality is used by the <code class="literal">-D_FORTIFY_SOURCE=2</code> checks to guard against static buffer overflows.) However, designing appropriate interfaces and implementing the checks may not be entirely straightforward.
</div></li></ul></div><div class="para">
For other attributes (such as <code class="literal">malloc</code>), careful analysis and comparison with the compiler documentation is required to check if propagating the attribute is appropriate. Incorrectly applied attributes can result in undesired behavioral changes in the compiled code.
- </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225496547824">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225489139440">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><
span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
+ </div></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225488414944">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="#idm225479524304">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="#idm225479527536">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std">2.2. The C++ standard library</a></span></dt><dd><dl><dt><
span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-String">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Subscript">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-CXX-Std-Iterators">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
C++ includes a large subset of the C language. As far as the C subset is used, the recommendations in <a class="xref" href="#chap-Defensive_Coding-C">Chapter 1, <em>The C Programming Language</em></a> apply.
- </div><div class="section" id="idm225489138080"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225489138080">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225488414944"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225488414944">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC versions prior to 4.8 generated code which did not detect this. (Fedora 18 was the first release which fixed this in GCC.)
</div><div class="para">
The <code class="literal">std::vector</code> template can be used instead an explicit array allocation. (The GCC implementation detects overflow internally.)
</div><div class="para">
If there is no alternative to <code class="literal">operator new[]</code> and the sources will be compiled with older GCC versions, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
</div><div class="para">
- These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
+ These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 13.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
</div><div class="para">
See <a class="xref" href="#sect-Defensive_Coding-C-Allocators-Arrays">Section 1.3.3, “Array allocation”</a> for array allocation advice for C-style memory allocation.
- </div></div><div class="section" id="idm225496547824"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225496547824">2.1.2. Overloading</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225479524304"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225479524304">2.1.2. Overloading</h3></div></div></div><div class="para">
Do not overload functions with versions that have different security characteristics. For instance, do not implement a function <code class="function">strcat</code> which works on <span class="type">std::string</span> arguments. Similarly, do not name methods after such functions.
- </div></div><div class="section" id="idm225489139440"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225489139440">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225479527536"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225479527536">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
A stable binary interface (ABI) is vastly preferred for security updates. Without a stable ABI, all reverse dependencies need recompiling, which can be a lot of work and could even be impossible in some cases. Ideally, a security update only updates a single dynamic shared object, and is picked up automatically after restarting affected processes.
</div><div class="para">
Outside of extremely performance-critical code, you should ensure that a wide range of changes is possible without breaking ABI. Some very basic guidelines are:
@@ -776,21 +776,21 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
});
}
}
-</pre></div></div><br class="example-break" /></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225462965424">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225437846320">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225452013312">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
+</pre></div></div><br class="example-break" /></div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225400167216">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="#idm225428064608">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="#idm225353336832">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
Python provides memory safety by default, so low-level security vulnerabilities are rare and typically needs fixing the Python interpreter or standard library itself.
</div><div class="para">
Other sections with Python-specific advice include:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 10, <em>Temporary files</em></a>
+ <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 11, <em>Temporary files</em></a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>
+ <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#chap-Defensive_Coding-Tasks-Serialization">Chapter 12, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>
+ <a class="xref" href="#chap-Defensive_Coding-Tasks-Serialization">Chapter 13, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 13.4, “Library support for deserialization”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 13.2, “Randomness”</a>
- </div></li></ul></div><div class="section" id="idm225462965424"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225462965424">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
+ <a class="xref" href="#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 14.2, “Randomness”</a>
+ </div></li></ul></div><div class="section" id="idm225400167216"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225400167216">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
Some areas of the standard library, notably the <code class="literal">ctypes</code> module, do not provide memory safety guarantees comparable to the rest of Python. If such functionality is used, the advice in <a class="xref" href="#sect-Defensive_Coding-C-Language">Section 1.1, “The core language”</a> should be followed.
- </div></div><div class="section" id="idm225437846320"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225437846320">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225428064608"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225428064608">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
The following Python functions and statements related to code execution should be avoided:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">compile</code>
@@ -802,23 +802,166 @@ AccessController.<span class="perl_Function">doPrivileged</span>(<span class="pe
<code class="function">execfile</code>
</div></li></ul></div><div class="para">
If you need to parse integers or floating point values, use the <code class="function">int</code> and <code class="function">float</code> functions instead of <code class="function">eval</code>. Sandboxing untrusted Python code does not work reliably.
- </div></div><div class="section" id="idm225452013312"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225452013312">4.3. Sandboxing</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225353336832"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225353336832">4.3. Sandboxing</h2></div></div></div><div class="para">
The <code class="literal">rexec</code> Python module cannot safely sandbox untrusted code and should not be used. The standard CPython implementation is not suitable for sandboxing.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">5.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">5.3. Garbage Collector</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Shell" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Shell Programming and <span class="application"><strong>bash</strong></span></h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Language">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Parameter expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Double_Expansion">5.2.2. Double expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Obscure">5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Invoke">
5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Temporary_Files">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Input_Validation">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Shell-Edit_Guard">5.6. Guarding shell scripts against changes</a></span></dt></dl></div><div class="para">
+ This chapter contains advice about shell programming, specifically in <span class="application"><strong>bash</strong></span>. Most of the advice will apply to scripts written for other shells because extensions such as integer or array variables have been implemented there as well, with comparable syntax.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Alternatives"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Consider alternatives</h2></div></div></div><div class="para">
+ Once a shell script is so complex that advice in this chapter applies, it is time to step back and consider the question: Is there a more suitable implementation language available?
+ </div><div class="para">
+ For example, Python with its <code class="literal">subprocess</code> module can be used to write scripts which are almost as concise as shell scripts when it comes to invoking external programs, and Python offers richer data structures, with less arcane syntax and more consistent behavior.
+ </div></div><div class="section" id="sect-Defensive_Coding-Shell-Language"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Shell language features</h2></div></div></div><div class="para">
+ The following sections cover subtleties concerning the shell programming languages. They have been written with the <span class="application"><strong>bash</strong></span> shell in mind, but some of these features apply to other shells as well.
+ </div><div class="para">
+ Some of the features described may seem like implementation defects, but these features have been replicated across multiple independent implementations, so they now have to be considered part of the shell programming language.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Parameter_Expansion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.1. Parameter expansion</h3></div></div></div><div class="para">
+ The mechanism by which named shell variables and parameters are expanded is called <span class="emphasis"><em>parameter expansion</em></span>. The most basic syntax is “<code class="literal">$</code><span class="emphasis"><em>variable</em></span>” or “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">}</code>”.
+ </div><div class="para">
+ In almost all cases, a parameter expansion should be enclosed in double quotation marks <code class="literal">"</code>…<code class="literal">"</code>.
+ </div><div class="informalexample"><pre class="programlisting">
+external-program <span class="perl_String">"</span><span class="perl_Others">$arg1</span><span class="perl_String">"</span> <span class="perl_String">"</span><span class="perl_Others">$arg2</span><span class="perl_String">"</span>
+</pre></div><div class="para">
+ If the double quotation marks are omitted, the value of the variable will be split according to the current value of the <code class="envar">IFS</code> variable. This may allow the injection of additional options which are then processed by <code class="literal">external-program</code>.
+ </div><div class="para">
+ Parameter expansion can use special syntax for specific features, such as substituting defaults or performing string or array operations. These constructs should not be used because they can trigger arithmetic evaluation, which can result in code execution. See <a class="xref" href="#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div></div><div class="section" id="sect-Defensive_Coding-Shell-Double_Expansion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.2. Double expansion</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>Double expansion</em></span> occurs when, during the expansion of a shell variable, not just the variable is expanded, replacing it by its value, but the <span class="emphasis"><em>value</em></span> of the variable is itself is expanded as well. This can trigger arbitrary code execution, unless the value of the variable is verified against a restrictive pattern.
+ </div><div class="para">
+ The evaluation process is in fact recursive, so a self-referential expression can cause an out-of-memory condition and a shell crash.
+ </div><div class="para">
+ Double expansion may seem like as a defect, but it is implemented by many shells, and has to be considered an integral part of the shell programming language. However, it does make writing robust shell scripts difficult.
+ </div><div class="para">
+ Double expansion can be requested explicitly with the <code class="literal">eval</code> built-in command, or by invoking a subshell with “<code class="literal">bash -c</code>”. These constructs should not be used.
+ </div><div class="para">
+ The following sections give examples of places where implicit double expansion occurs.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Arithmetic"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">5.2.2.1. Arithmetic evaluation</h4></div></div></div><div class="para">
+ <span class="emphasis"><em>Arithmetic evaluation</em></span> is a process by which the shell computes the integer value of an expression specified as a string. It is highly problematic for two reasons: It triggers double expansion (see <a class="xref" href="#sect-Defensive_Coding-Shell-Double_Expansion">Section 5.2.2, “Double expansion”</a>), and the language of arithmetic expressions is not self-contained. Some constructs in arithmetic expressions (notably array subscripts) provide a trapdoor from the restricted language of arithmetic expressions to the full shell language, thus paving the way towards arbitrary code execution. Due to double expansion, input which is (indirectly) referenced from an arithmetic expression can trigger execution of arbitrary code, which is potentially harmful.
+ </div><div class="para">
+ Arithmetic evaluation is triggered by the follow constructs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The <span class="emphasis"><em>expression</em></span> in “<code class="literal">$((</code><span class="emphasis"><em>expression</em></span><code class="literal">))</code>” is evaluated. This construct is called <span class="emphasis"><em>arithmetic expansion</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ “<code class="literal">$[</code><span class="emphasis"><em>expression</em></span><code class="literal">]</code>” is a deprecated syntax with the same effect.
+ </div></li><li class="listitem"><div class="para">
+ The arguments to the <code class="literal">let</code> shell built-in are evaluated.
+ </div></li><li class="listitem"><div class="para">
+ “<code class="literal">((</code><span class="emphasis"><em>expression</em></span><code class="literal">))</code>” is an alternative syntax for “<code class="literal">let </code><span class="emphasis"><em>expression</em></span>”.
+ </div></li><li class="listitem"><div class="para">
+ Conditional expressions surrounded by “<code class="literal">[[</code>…<code class="literal">]]</code>” can trigger arithmetic evaluation if certain operators such as <code class="literal">-eq</code> are used. (The <code class="literal">test</code> built-in does not perform arithmetic evaluation, even with integer operators such as <code class="literal">-eq</code>.)
+ </div><div class="para">
+ The conditional expression “<code class="literal">[[ $</code><span class="emphasis"><em>variable</em></span><code class="literal"> =~ </code><span class="emphasis"><em>regexp</em></span><code class="literal"> ]]</code>” can be used for input validation, assuming that <span class="emphasis"><em>regexp</em></span> is a constant regular expression. See <a class="xref" href="#sect-Defensive_Coding-Shell-Input_Validation">Section 5.5, “Performing input validation”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Certain parameter expansions, for example “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">[</code><span class="emphasis"><em>expression</em></span><code class="literal">]}</code>” (array indexing) or “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">:</code><span class="emphasis"><em>expression</em></span><code class="literal">}</code>” (string slicing), trigger arithmetic evaluation of <span class="emphasis"><em>expression</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ Assignment to array elements using “<span class="emphasis"><em>array_variable</em></span><code class="literal">[</code><span class="emphasis"><em>subscript</em></span><code class="literal">]=</code><span class="emphasis"><em>expression</em></span>” triggers evaluation of <span class="emphasis"><em>subscript</em></span>, but not <span class="emphasis"><em>expression</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ The expressions in the arithmetic <code class="literal">for</code> command, “<code class="literal">for ((</code><span class="emphasis"><em>expression1</em></span><code class="literal">; </code><span class="emphasis"><em>expression2</em></span><code class="literal">; </code><span class="emphasis"><em>expression3</em></span><code class="literal">)); do </code><span class="emphasis"><em>commands</em></span><code class="literal">; done</code>” are evaluated. This does not apply to the regular for command, “<code class="literal">for </code><span class="emphasis"><em>variable</em></span><code class="literal"> in </code><span class="emphasis"><em>list</em></span><code class="literal">; do </code><span class="emphasis"><em>commands</em></span><code class="literal">; done</code>”.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Depending on the <span class="application"><strong>bash</strong></span> version, the above list may be incomplete.
+ </div><div class="para">
+ If faced with a situation where using such shell features appears necessary, see <a class="xref" href="#sect-Defensive_Coding-Shell-Alternatives">Section 5.1, “Consider alternatives”</a>.
+ </div></div></div><div class="para">
+ If it is impossible to avoid shell arithmetic on untrusted inputs, refer to <a class="xref" href="#sect-Defensive_Coding-Shell-Input_Validation">Section 5.5, “Performing input validation”</a>.
+ </div></div><div class="section" id="sect-Defensive_Coding-Shell-Types"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">5.2.2.2. Type declarations</h4></div></div></div><div class="para">
+ <span class="application"><strong>bash</strong></span> supports explicit type declarations for shell variables:
+ </div><div class="informalexample"><pre class="programlisting">
+ <span class="perl_Reserved">declare</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">declare</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">declare</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">typeset</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">typeset</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">typeset</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">local</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">local</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">local</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">readonly</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">readonly</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">readonly</span> -A <span class="perl_Others">assoc_array_variable</span>
+</pre></div><div class="para">
+ Variables can also be declared as arrays by assigning them an array expression, as in:
+ </div><div class="informalexample"><pre class="programlisting">
+<span class="perl_Others">array_variable=(</span>1 2 3 4<span class="perl_Others">)</span>
+</pre></div><div class="para">
+ Some built-ins (such as <code class="literal">mapfile</code>) can implicitly create array variables.
+ </div><div class="para">
+ Such type declarations should not be used because assignment to such variables (independent of the concrete syntax used for the assignment) triggers arithmetic expansion (and thus double expansion) of the right-hand side of the assignment operation. See <a class="xref" href="#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div><div class="para">
+ Shell scripts which use integer or array variables should be rewritten in another, more suitable language. Se <a class="xref" href="#sect-Defensive_Coding-Shell-Alternatives">Section 5.1, “Consider alternatives”</a>.
+ </div></div></div><div class="section" id="sect-Defensive_Coding-Shell-Obscure"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.3. Other obscurities</h3></div></div></div><div class="para">
+ Obscure shell language features should not be used. Examples are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Exported functions (<code class="literal">export -f</code> or <code class="literal">declare -f</code>).
+ </div></li><li class="listitem"><div class="para">
+ Function names which are not valid variable names, such as “<code class="literal">module::function</code>”.
+ </div></li><li class="listitem"><div class="para">
+ The possibility to override built-ins or external commands with shell functions.
+ </div></li><li class="listitem"><div class="para">
+ Changing the value of the <code class="envar">IFS</code> variable to tokenize strings.
+ </div></li></ul></div></div></div><div class="section" id="sect-Defensive_Coding-Shell-Invoke"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Invoking external commands</h2></div></div></div><div class="para">
+ When passing shell variables as single command line arguments, they should always be surrounded by double quotes. See <a class="xref" href="#sect-Defensive_Coding-Shell-Parameter_Expansion">Section 5.2.1, “Parameter expansion”</a>.
+ </div><div class="para">
+ Care is required when passing untrusted values as positional parameters to external commands. If the value starts with a hyphen “<code class="literal">-</code>”, it may be interpreted by the external command as an option. Depending on the external program, a “<code class="literal">--</code>” argument stops option processing and treats all following arguments as positional parameters. (Double quotes are completely invisible to the command being invoked, so they do not prevent variable values from being interpreted as options.)
+ </div><div class="para">
+ Cleaning the environment before invoking child processes is difficult to implement in script. <span class="application"><strong>bash</strong></span> keeps a hidden list of environment variables which do not correspond to shell variables, and unsetting them from within a <span class="application"><strong>bash</strong></span> script is not possible. To reset the environment, a script can re-run itself under the “<code class="literal">env -i</code>” command with an additional parameter which indicates the environment has been cleared and suppresses a further self-execution. Alternatively, individual commands can be executed with “<code class="literal">env -i</code>”.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Completely isolation from its original execution environment (which is required when the script is executed after a trust transition, e.g., triggered by the SUID mechanism) is impossible to achieve from within the shell script itself. Instead, the invoking process has to clear the process environment (except for few trusted variables) before running the shell script.
+ </div></div></div><div class="para">
+ Checking for failures in executed external commands is recommended. If no elaborate error recovery is needed, invoking “<code class="literal">set -e</code>” may be sufficient. This causes the script to stop on the first failed command. However, failures in pipes (“<code class="literal">command1 | command2</code>”) are only detected for the last command in the pipe, errors in previous commands are ignored. This can be changed by invoking “<code class="literal">set -o pipefail</code>”. Due to architectural limitations, only the process that spawned the entire pipe can check for failures in individual commands; it is not possible for a process to tell if the process feeding data (or the process consuming data) exited normally or with an error.
+ </div><div class="para">
+ See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a> for additional details on creating child processes.
+ </div></div><div class="section" id="sect-Defensive_Coding-Shell-Temporary_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.4. Temporary files</h2></div></div></div><div class="para">
+ Temporary files should be created with the <code class="literal">mktemp</code> command, and temporary directories with “<code class="literal">mktemp -d</code>”.
+ </div><div class="para">
+ To clean up temporary files and directories, write a clean-up shell function and register it as a trap handler, as shown in <a class="xref" href="#ex-Defensive_Coding-Tasks-Temporary_Files">Example 5.1, “Creating and cleaning up temporary files”</a>. Using a separate function avoids issues with proper quoting of variables.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Temporary_Files"><h6>Example 5.1. Creating and cleaning up temporary files</h6><div class="example-contents"><div class="informalexample"><pre class="programlisting">
+<span class="perl_Others">tmpfile=</span><span class="perl_String">"</span><span class="perl_Others">$(</span><span class="perl_BString">mktemp</span><span class="perl_Others">)</span><span class="perl_String">"</span>
+
+<span class="perl_Char">cleanup ()</span> <span class="perl_Keyword">{</span>
+ <span class="perl_BString">rm</span> -f -- <span class="perl_String">"</span><span class="perl_Others">$tmpfile</span><span class="perl_String">"</span>
+<span class="perl_Keyword">}</span>
+
+<span class="perl_Reserved">trap</span> cleanup 0
+</pre></div></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Shell-Input_Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.5. Performing input validation</h2></div></div></div><div class="para">
+ In some cases, input validation cannot be avoided. For example, if arithmetic evaluation is absolutely required, it is imperative to check that input values are, in fact, integers. See <a class="xref" href="#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div><div class="para">
+ <a class="xref" href="#ex-Defensive_Coding-Shell-Input_Validation">Example 5.2, “Input validation in <span class="application">bash</span>”</a> shows a construct which can be used to check if a string “<code class="literal">$value</code>” is an integer. This construct is specific to <span class="application"><strong>bash</strong></span> and not portable to POSIX shells.
+ </div><div class="example" id="ex-Defensive_Coding-Shell-Input_Validation"><h6>Example 5.2. Input validation in <span class="application">bash</span></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_Keyword">if [[</span> <span class="perl_Others">$value</span> =~ ^-?[0-9]+$<span class="perl_Keyword"> ]]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Reserved">echo</span> value is an integer
+<span class="perl_Keyword">else</span>
+ <span class="perl_Reserved">echo</span> <span class="perl_String">"value is not an integer"</span> <span class="perl_Operator">1>&2</span>
+ <span class="perl_Reserved">exit</span> 1
+<span class="perl_Keyword">fi</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ Using <code class="literal">case</code> statements for input validation is also possible and supported by other (POSIX) shells, but the pattern language is more restrictive, and it can be difficult to write suitable patterns.
+ </div><div class="para">
+ The <code class="literal">expr</code> external command can give misleading results (e.g., if the value being checked contains operators itself) and should not be used.
+ </div></div><div class="section" id="sect-Defensive_Coding-Shell-Edit_Guard"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.6. Guarding shell scripts against changes</h2></div></div></div><div class="para">
+ <span class="application"><strong>bash</strong></span> only reads a shell script up to the point it is needed for executed the next command. This means that if script is overwritten while it is running, execution can jump to a random part of the script, depending on what is modified in the script and how the file offsets change as a result. (This behavior is needed to support self-extracting shell archives whose script part is followed by a stream of bytes which does not follow the shell language syntax.)
+ </div><div class="para">
+ Therefore, long-running scripts should be guarded against concurrent modification by putting as much of the program logic into a <code class="literal">main</code> function, and invoking the <code class="literal">main</code> function at the end of the script, using this syntax:
+ </div><div class="informalexample"><pre class="programlisting">
+main <span class="perl_String">"</span><span class="perl_Others">$@</span><span class="perl_String">"</span> ; <span class="perl_Reserved">exit</span> <span class="perl_Others">$?</span>
+</pre></div><div class="para">
+ This construct ensures that <span class="application"><strong>bash</strong></span> will stop execution after the <code class="literal">main</code> function, instead of opening the script file and trying to read more commands.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Memory_Safety">6.1. Memory safety</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Error_Handling">6.2. Error handling</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Garbage_Collector">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Go-Marshaling">6.4. Marshaling and unmarshaling</a></span></dt></dl></div><div class="para">
This chapter contains language-specific recommendations for Go.
- </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Memory safety</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.1. Memory safety</h2></div></div></div><div class="para">
Go provides memory safety, but only if the program is not executed in parallel (that is, <code class="envar">GOMAXPROCS</code> is not larger than <code class="literal">1</code>). The reason is that interface values and slices consist of multiple words are not updated atomically. Another thread of execution can observe an inconsistent pairing between type information and stored value (for interfaces) or pointer and length (for slices), and such inconsistency can lead to a memory safety violation.
</div><div class="para">
- Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics and run time.
+ Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics at run time.
</div><div class="para">
Keep in mind that finalization can introduce parallelism because finalizers are executed concurrently, potentially interleaved with the rest of the program.
- </div></div><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Error handling</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.2. Error handling</h2></div></div></div><div class="para">
Only a few common operations (such as pointer dereference, integer division, array subscripting) trigger exceptions in Go, called <span class="emphasis"><em>panics</em></span>. Most interfaces in the standard library use a separate return value of type <code class="literal">error</code> to signal error.
</div><div class="para">
Not checking error return values can lead to incorrect operation and data loss (especially in the case of writes, using interfaces such as <code class="literal">io.Writer</code>).
</div><div class="para">
- The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 5.1, “Regular error handling in Go”</a> for details.
- </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 5.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 6.1, “Regular error handling in Go”</a> for details.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 6.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
type Processor interface {
Process(buf []byte) (message string, err error)
}
@@ -837,8 +980,8 @@ func RegularError(buf []byte, processor Processor,
<span class="perl_Keyword">return</span>
}
</pre></div></div><br class="example-break" /><div class="para">
- However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-IO">Example 5.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
- </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 5.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="#ex-Defensive_Coding-Go-Error_Handling-IO">Example 6.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 6.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
func IOError(r io.Reader, buf []byte, processor Processor,
handler ErrorHandler) (message string, err error) {
n, err := r.Read(buf)
@@ -858,9 +1001,13 @@ func IOError(r io.Reader, buf []byte, processor Processor,
}
<span class="perl_Keyword">return</span>
}
-</pre></div></div><br class="example-break" /></div><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Garbage Collector</h2></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.3. Garbage Collector</h2></div></div></div><div class="para">
Older Go releases (before Go 1.3) use a conservative garbage collector without blacklisting. This means that data blobs can cause retention of unrelated data structures because the data is conservatively interpreted as pointers. This phenomenon can be triggered accidentally on 32-bit architectures and is more likely to occur if the heap grows larger. On 64-bit architectures, it may be possible to trigger it deliberately—it is unlikely to occur spontaneously.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Vala Programming Language</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="chap-Defensive_Coding-Go-Marshaling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.4. Marshaling and unmarshaling</h2></div></div></div><div class="para">
+ Several packages in the <code class="literal">encoding</code> hierarchy provide support for serialization and deserialization. The usual caveats apply (see <a class="xref" href="#chap-Defensive_Coding-Tasks-Serialization">Chapter 13, <em>Serialization and Deserialization</em></a>).
+ </div><div class="para">
+ As an additional precaution, the <code class="function">Unmarshal</code> and <code class="function">Decode</code> functions should only be used with fresh values in the <code class="literal">interface{}</code> argument. This is due to the way defaults for missing values are implemented: During deserialization, missing value do not result in an error, but the original value is preserved. Using a fresh value (with suitable default values if necessary) ensures that data from a previous deserialization operation does not leak into the current one. This is especially relevant when structs are deserialized.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. The Vala Programming Language</h2></div></div></div><div class="para">
Vala is a programming language mainly targeted at GNOME developers.
</div><div class="para">
Its syntax is inspired by C# (and thus, indirectly, by Java). But unlike C# and Java, Vala does not attempt to provide memory safety: Vala is compiled to C, and the C code is compiled with GCC using typical compiler flags. Basic operations like integer arithmetic are directly mapped to C constructs. As a results, the recommendations in <a class="xref" href="#chap-Defensive_Coding-C">Chapter 1, <em>The C Programming Language</em></a> apply.
@@ -872,11 +1019,11 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Pointer arithmetic, string subscripting and the <code class="literal">substring</code> method on strings (the <code class="literal">string</code> class in the <code class="literal">glib-2.0</code> package) are not range-checked. It is the responsibility of the calling code to ensure that the arguments being passed are valid. This applies even to cases (like <code class="literal">substring</code>) where the implementation would have range information to check the validity of indexes. See <a class="xref" href="#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a>.
</div></li><li class="listitem"><div class="para">
Similarly, Vala only performs garbage collection (through reference counting) for <code class="literal">GObject</code> values. For plain C pointers (such as strings), the programmer has to ensure that storage is deallocated once it is no longer needed (to avoid memory leaks), and that storage is not being deallocated while it is still being used (see <a class="xref" href="#sect-Defensive_Coding-C-Use-After-Free">Section 1.3.1.1, “Use-after-free errors”</a>).
- </div></li></ul></div></div></div><div class="part" id="idm225446782352"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl
></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">8. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_Sys
tem">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the
location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</
a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#i
dm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library
support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</
a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Packaging">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating
X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225461550096">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225456220368">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225456360144">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225362028336">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225458031568">7.4. Process attributes</a></span></dt></dl></div><div class="para">
+ </div></li></ul></div></div></div><div class="part" id="idm225430151904"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Library_Design">8. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225442354272">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225460623712">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225445373952">8.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225465970912">8.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225427877808">8.4. Process attributes</a></span></dt></dl
></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Descriptors">9. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225453644928">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225457482448">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225433132304">9.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225443666496">9.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">9.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-File_Sys
tem">10. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">10.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">10.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">10.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">10.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files">11. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaini
ng the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225390206256">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225406332272">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225454191968">11.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sect-Defensive_Coding-Tasks-Processes">12. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225447651360">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the s
hell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225399548240">12.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225455450336">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225459931232">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">12.4. Daemons</a></span></dt><dt><span class="section"><a hr
ef="#idm225443789280">12.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">12.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Serialization">13. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225488466928">13.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225432336176">13.4. Li
brary support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">13.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">13.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">13.5.6. Using Qt for XML par
sing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">13.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225490272272">13.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Cryptography">14. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225484622624">14.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225440268992">14.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="#chap-Defensive_Coding-Tasks-Packaging">15. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">15.2. Gener
ating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225442354272">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225460623712">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="#idm225445373952">8.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225465970912">8.2. Object orientation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="#idm225427877808">8.4. Process attributes</a></span></dt></dl></div><div class="para">
Throught this section, the term <span class="emphasis"><em>client code</em></span> refers to applications and other libraries using the library.
- </div><div class="section" id="idm225461550096"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461550096">7.1. State management</h2></div></div></div><div class="para">
+ </div><div class="section" id="idm225442354272"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225442354272">8.1. State management</h2></div></div></div><div class="para">
- </div><div class="section" id="idm225456220368"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225456220368">7.1.1. Global state</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225460623712"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225460623712">8.1.1. Global state</h3></div></div></div><div class="para">
Global state should be avoided.
</div><div class="para">
If this is impossible, the global state must be protected with a lock. For C/C++, you can use the <code class="function">pthread_mutex_lock</code> and <code class="function">pthread_mutex_unlock</code> functions without linking against <code class="literal">-lpthread</code> because the system provides stubs for non-threaded processes.
@@ -884,7 +1031,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
For compatibility with <code class="function">fork</code>, these locks should be acquired and released in helpers registered with <code class="function">pthread_atfork</code>. This function is not available without <code class="literal">-lpthread</code>, so you need to use <code class="function">dlsym</code> or a weak symbol to obtain its address.
</div><div class="para">
If you need <code class="function">fork</code> protection for other reasons, you should store the process ID and compare it to the value returned by <code class="function">getpid</code> each time you access the global state. (<code class="function">getpid</code> is not implemented as a system call and is fast.) If the value changes, you know that you have to re-create the state object. (This needs to be combined with locking, of course.)
- </div></div><div class="section" id="idm225456360144"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225456360144">7.1.2. Handles</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225445373952"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225445373952">8.1.2. Handles</h3></div></div></div><div class="para">
Library state should be kept behind a curtain. Client code should receive only a handle. In C, the handle can be a pointer to an incomplete <code class="literal">struct</code>. In C++, the handle can be a pointer to an abstract base class, or it can be hidden using the pointer-to-implementation idiom.
</div><div class="para">
The library should provide functions for creating and destroying handles. (In C++, it is possible to use virtual destructors for the latter.) Consistency between creation and destruction of handles is strongly recommended: If the client code created a handle, it is the responsibility of the client code to destroy it. (This is not always possible or convenient, so sometimes, a transfer of ownership has to happen.)
@@ -892,11 +1039,11 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Using handles ensures that it is possible to change the way the library represents state in a way that is transparent to client code. This is important to facilitate security updates and many other code changes.
</div><div class="para">
It is not always necessary to protect state behind a handle with a lock. This depends on the level of thread safety the library provides.
- </div></div></div><div class="section" id="idm225362028336"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225362028336">7.2. Object orientation</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225465970912"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225465970912">8.2. Object orientation</h2></div></div></div><div class="para">
Classes should be either designed as base classes, or it should be impossible to use them as base classes (like <code class="literal">final</code> classes in Java). Classes which are not designed for inheritance and are used as base classes nevertheless create potential maintenance hazards because it is difficult to predict how client code will react when calls to virtual methods are added, reordered or removed.
</div><div class="para">
- Virtual member functions can be used as callbacks. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">Section 7.3, “Callbacks”</a> for some of the challenges involved.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. Callbacks</h2></div></div></div><div class="para">
+ Virtual member functions can be used as callbacks. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Library_Design-Callbacks">Section 8.3, “Callbacks”</a> for some of the challenges involved.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Callbacks</h2></div></div></div><div class="para">
Higher-order code is difficult to analyze for humans and computers alike, so it should be avoided. Often, an iterator-based interface (a library function which is called repeatedly by client code and returns a stream of events) leads to a better design which is easier to document and use.
</div><div class="para">
If callbacks are unavoidable, some guidelines for them follow.
@@ -908,10 +1055,10 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Callbacks can throw exceptions or call <code class="function">longjmp</code>. If possible, all library objects should remain in a valid state. (All further operations on them can fail, but it should be possible to deallocate them without causing resource leaks.)
</div><div class="para">
The presence of callbacks raises the question if functions provided by the library are <span class="emphasis"><em>reentrant</em></span>. Unless a library was designed for such use, bad things will happen if a callback function uses functions in the same library (particularly if they are invoked on the same objects and manipulate the same state). When the callback is invoked, the library can be in an inconsistent state. Reentrant functions are more difficult to write than thread-safe functions (by definition, simple locking would immediately lead to deadlocks). It is also difficult to decide what to do when destruction of an object which is currently processing a callback is requested.
- </div></div><div class="section" id="idm225458031568"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225458031568">7.4. Process attributes</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225427877808"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225427877808">8.4. Process attributes</h2></div></div></div><div class="para">
Several attributes are global and affect all code in the process, not just the library that manipulates them.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- environment variables (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>)
+ environment variables (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>)
</div></li><li class="listitem"><div class="para">
umask
</div></li><li class="listitem"><div class="para">
@@ -926,15 +1073,15 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Library code should avoid manipulating these global process attributes. It should not rely on environment variables, umask, the current working directory and signal masks because these attributes can be inherted from an untrusted source.
</div><div class="para">
In addition, there are obvious process-wide aspects such as the virtual memory layout, the set of open files and dynamic shared objects, but with the exception of shared objects, these can be manipulated in a relatively isolated way.
- </div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225463482160">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225452445568">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225452860400">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225442407552">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">8.3. Dealing with the <code class="f
unction">select</code> limit</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225453644928">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225457482448">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="#idm225433132304">9.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="#idm225443666496">9.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">9.3. Dealing with the <code class="f
unction">select</code> limit</a></span></dt></dl></div><div class="para">
File descriptors underlie all input/output mechanisms offered by the system. They are used to implementation the <code class="literal">FILE *</code>-based functions found in <code class="literal"><stdio.h></code>, and all the file and network communication facilities provided by the Python and Java environments are eventually implemented in them.
</div><div class="para">
File descriptors are small, non-negative integers in userspace, and are backed on the kernel side with complicated data structures which can sometimes grow very large.
- </div><div class="section" id="idm225463482160"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225463482160">8.1. Closing descriptors</h2></div></div></div><div class="para">
- If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
- </div><div class="section" id="idm225452445568"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452445568">8.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225453644928"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225453644928">9.1. Closing descriptors</h2></div></div></div><div class="para">
+ If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 9.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
+ </div><div class="section" id="idm225457482448"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225457482448">9.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
The <code class="function">close</code> system call is always successful in the sense that the passed file descriptor is never valid after the function has been called. However, <code class="function">close</code> still can return an error, for example if there was a file system failure. But this error is not very useful because the absence of an error does not mean that all caches have been emptied and previous writes have been made durable. Programs which need such guarantees must open files with <code class="literal">O_SYNC</code> or use <code class="literal">fsync</code> or <code class="literal">fdatasync</code>, and may also have to <code class="literal">fsync</code> the directory containing the file.
- </div></div><div class="section" id="idm225452860400"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452860400">8.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225433132304"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225433132304">9.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
Unlike process IDs, which are recycle only gradually, the kernel always allocates the lowest unused file descriptor when a new descriptor is created. This means that in a multi-threaded program which constantly opens and closes file descriptors, descriptors are reused very quickly. Unless descriptor closing and other operations on the same file descriptor are synchronized (typically, using a mutex), there will be race coniditons and I/O operations will be applied to the wrong file descriptor.
</div><div class="para">
Sometimes, it is necessary to close a file descriptor concurrently, while another thread might be about to use it in a system call. In order to support this, a program needs to create a single special file descriptor, one on which all I/O operations fail. One way to achieve this is to use <code class="function">socketpair</code>, close one of the descriptors, and call <code class="literal">shutdown(fd, SHUTRDWR)</code> on the other.
@@ -942,7 +1089,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
When a descriptor is closed concurrently, the program does not call <code class="function">close</code> on the descriptor. Instead it program uses <code class="function">dup2</code> to replace the descriptor to be closed with the dummy descriptor created earlier. This way, the kernel will not reuse the descriptor, but it will carry out all other steps associated with calling a descriptor (for instance, if the descriptor refers to a stream socket, the peer will be notified).
</div><div class="para">
This is just a sketch, and many details are missing. Additional data structures are needed to determine when it is safe to really close the descriptor, and proper locking is required for that.
- </div></div><div class="section" id="idm225442407552"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225442407552">8.1.3. Lingering state after close</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225443666496"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225443666496">9.1.3. Lingering state after close</h3></div></div></div><div class="para">
By default, closing a stream socket returns immediately, and the kernel will try to send the data in the background. This means that it is impossible to implement accurate accounting of network-related resource utilization from userspace.
</div><div class="para">
The <code class="literal">SO_LINGER</code> socket option alters the behavior of <code class="function">close</code>, so that it will return only after the lingering data has been processed, either by sending it to the peer successfully, or by discarding it after the configured timeout. However, there is no interface which could perform this operation in the background, so a separate userspace thread is needed for each <code class="function">close</code> call, causing scalability issues.
@@ -950,7 +1097,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Currently, there is no application-level countermeasure which applies universally. Mitigation is possible with <span class="application"><strong>iptables</strong></span> (the <code class="literal">connlimit</code> match type in particular) and specialized filtering devices for denial-of-service network traffic.
</div><div class="para">
These problems are not related to the <code class="literal">TIME_WAIT</code> state commonly seen in <span class="application"><strong>netstat</strong></span> output. The kernel automatically expires such sockets if necessary.
- </div></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
Child processes created with <code class="function">fork</code> share the initial set of file descriptors with their parent process. By default, file descriptors are also preserved if a new process image is created with <code class="function">execve</code> (or any of the other functions such as <code class="function">system</code> or <code class="function">posix_spawn</code>).
</div><div class="para">
Usually, this behavior is not desirable. There are two ways to turn it off, that is, to prevent new process images from inheriting the file descriptors in the parent process:
@@ -963,10 +1110,10 @@ func IOError(r io.Reader, buf []byte, processor Processor,
</div></li><li class="listitem"><div class="para">
After calling <code class="function">fork</code>, but before creating a new process image with <code class="function">execve</code>, all file descriptors which the child process will not need are closed.
</div><div class="para">
- Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
+ Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Limit">Section 9.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
</div></li></ul></div><div class="para">
At present, environments which care about file descriptor leakage implement the second approach. OpenJDK 6 and 7 are among them.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
By default, a user is allowed to open only 1024 files in a single process, but the system administrator can easily change this limit (which is necessary for busy network servers). However, there is another restriction which is more difficult to overcome.
</div><div class="para">
The <code class="function">select</code> function only supports a maximum of <code class="literal">FD_SETSIZE</code> file descriptors (that is, the maximum permitted value for a file descriptor is <code class="literal">FD_SETSIZE - 1</code>, usually 1023.) If a process opens many files, descriptors may exceed such limits. It is impossible to query such descriptors using <code class="function">select</code>.
@@ -986,12 +1133,12 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Close <code class="literal">fd</code> and continue to use <code class="literal">newfd</code>.
</div></li></ul></div><div class="para">
The new descriptor has been allocated above the <code class="literal">FD_SETSIZE</code>. Even though this algorithm is racy in the sense that the <code class="literal">FD_SETSIZE</code> first descriptors could fill up, a very high degree of physical parallelism is required before this becomes a problem.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">9.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">9.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">9.5. Checking free space</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Foreign">10.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Limits">10.3. File system limits</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Features">10.4. File system features</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-File_System-Free_Space">10.5. Checking free space</a></span></dt></dl></div><div class="para">
In this chapter, we discuss general file system manipulation, with a focus on access files and directories to which an other, potentially untrusted user has write access.
</div><div class="para">
- Temporary files are covered in their own chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 10, <em>Temporary files</em></a>.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
- Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 9.2, “Accessing the file system as a different user”</a>.
+ Temporary files are covered in their own chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files">Chapter 11, <em>Temporary files</em></a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
+ Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 10.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
Accessing files across trust boundaries faces several challenges, particularly if an entire directory tree is being traversed:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
@@ -1018,19 +1165,19 @@ func IOError(r io.Reader, buf []byte, processor Processor,
There is no workaround against the instability of the file list returned by <code class="function">readdir</code>. Concurrent modification of the directory can result in a list of files being returned which never actually existed on disk.
</div><div class="para">
Hard links and symbolic links can be safely deleted using <code class="function">unlinkat</code> without further checks because deletion only affects the name within the directory tree being processed.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
- This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 9.2, “Accessing the file system as a different user”</a>.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
+ This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="#sect-Defensive_Coding-Tasks-File_System-Foreign">Section 10.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
One approach is to spawn a child process which runs under the target user and group IDs (both effective and real IDs). Note that this child process can block indefinitely, even when processing regular files only. For example, a special FUSE file system could cause the process to hang in uninterruptible sleep inside a <code class="function">stat</code> system call.
</div><div class="para">
An existing process could change its user and group ID using <code class="function">setfsuid</code> and <code class="function">setfsgid</code>. (These functions are preferred over <code class="function">seteuid</code> and <code class="function">setegid</code> because they do not allow the impersonated user to send signals to the process.) These functions are not thread safe. In multi-threaded processes, these operations need to be performed in a single-threaded child process. Unexpected blocking may occur as well.
</div><div class="para">
It is not recommended to try to reimplement the kernel permission checks in user space because the required checks are complex. It is also very difficult to avoid race conditions during path name resolution.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. File system limits</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.3. File system limits</h2></div></div></div><div class="para">
For historical reasons, there are preprocessor constants such as <code class="literal">PATH_MAX</code>, <code class="literal">NAME_MAX</code>. However, on most systems, the length of canonical path names (absolute path names with all symbolic links resolved, as returned by <code class="function">realpath</code> or <code class="function">canonicalize_file_name</code>) can exceed <code class="literal">PATH_MAX</code> bytes, and individual file name components can be longer than <code class="literal">NAME_MAX</code>. This is also true of the <code class="literal">_PC_PATH_MAX</code> and <code class="literal">_PC_NAME_MAX</code> values returned by <code class="function">pathconf</code>, and the <code class="literal">f_namemax</code> member of <code class="literal">struct statvfs</code>. Therefore, these constants should not be used. This is also reason why the <code class="function">readdir_r</code> should never be used (instead, use <code class="function">readdir</code>).
</div><div class="para">
You should not write code in a way that assumes that there is an upper limit on the number of subdirectories of a directory, the number of regular files in a directory, or the link count of an inode.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. File system features</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. File system features</h2></div></div></div><div class="para">
Not all file systems support all features. This makes it very difficult to write general-purpose tools for copying files. For example, a copy operation intending to preserve file permissions will generally fail when copying to a FAT file system.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Some file systems are case-insensitive. Most should be case-preserving, though.
@@ -1056,14 +1203,14 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Locking semantics vary among file systems. This affects advisory and mandatory locks. For example, some network file systems do not allow deleting files which are opened by any process.
</div></li><li class="listitem"><div class="para">
Resolution of time stamps varies from two seconds to nanoseconds. Not all time stamps are available on all file systems. File creation time (<span class="emphasis"><em>birth time</em></span>) is not exposed over the <code class="function">stat</code>/<code class="function">fstat</code> interface, even if stored by the file system.
- </div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.5. Checking free space</h2></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.5. Checking free space</h2></div></div></div><div class="para">
The <code class="function">statvfs</code> and <code class="function">fstatvfs</code> functions allow programs to examine the number of available blocks and inodes, through the members <code class="literal">f_bfree</code>, <code class="literal">f_bavail</code>, <code class="literal">f_ffree</code>, and <code class="literal">f_favail</code> of <code class="literal">struct statvfs</code>. Some file systems return fictional values in the <code class="literal">f_ffree</code> and <code class="literal">f_favail</code> fields, so the only reliable way to discover if the file system still has space for a file is to try to create it. The <code class="literal">f_bfree</code> field should be reasonably accurate, though.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225440111200">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225471949376">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225466685888">10.5. Compensating for unsafe file creation</a></span></dt></dl></div><div class="para">
- In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-File_System">Chapter 9, <em>File system manipulation</em></a>.
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="#idm225390206256">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="#idm225406332272">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="#chap-Defensive_Coding-Tasks-Temporary_Directory">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="#idm225454191968">11.5. Compensating for unsafe file creation</a></span></dt></dl></div><div class="para">
+ In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="#chap-Defensive_Coding-Tasks-File_System">Chapter 10, <em>File system manipulation</em></a>.
</div><div class="para">
Secure creation of temporary files has four different aspects.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>).
+ The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>).
</div></li><li class="listitem"><div class="para">
A new file must be created. Reusing an existing file must be avoided (the <code class="filename">/tmp</code> race condition). This is tricky because traditionally, system-wide temporary directories shared by all users are used.
</div></li><li class="listitem"><div class="para">
@@ -1074,7 +1221,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
All functions mentioned below will take care of these aspects.
</div><div class="para">
Traditionally, temporary files are often used to reduce memory usage of programs. More and more systems use RAM-based file systems such as <code class="literal">tmpfs</code> for storing temporary files, to increase performance and decrease wear on Flash storage. As a result, spooling data to temporary files does not result in any memory savings, and the related complexity can be avoided if the data is kept in process memory.
- </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
Some functions below need the location of a directory which stores temporary files. For C/C++ programs, use the following steps to obtain that directory:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> to obtain the value of the <code class="literal">TMPDIR</code> environment variable. If it is set, convert the path to a fully-resolved absolute path, using <code class="literal">realpath(path, NULL)</code>. Check if the new path refers to a directory and is writeable. In this case, use it as the temporary directory.
@@ -1084,15 +1231,15 @@ func IOError(r io.Reader, buf []byte, processor Processor,
In Python, you can use the <code class="varname">tempfile.tempdir</code> variable.
</div><div class="para">
Java does not support SUID/SGID programs, so you can use the <code class="function">java.lang.System.getenv(String)</code> method to obtain the value of the <code class="literal">TMPDIR</code> environment variable, and follow the two steps described above. (Java's default directory selection does not honor <code class="literal">TMPDIR</code>.)
- </div></div><div class="section" id="idm225440111200"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440111200">10.2. Named temporary files</h2></div></div></div><div class="para">
- The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.
+ </div></div><div class="section" id="idm225390206256"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225390206256">11.2. Named temporary files</h2></div></div></div><div class="para">
+ The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>.
</div><div class="para">
The file is not removed automatically. It is not safe to rename or delete the file before processing, or transform the name in any way (for example, by adding a file extension). If you need multiple temporary files, call <code class="function">mkostemp</code> multiple times. Do not create additional file names derived from the name provided by a previous <code class="function">mkostemp</code> call. However, it is safe to close the descriptor returned by <code class="function">mkostemp</code> and reopen the file using the generated name.
</div><div class="para">
The Python class <code class="literal">tempfile.NamedTemporaryFile</code> provides similar functionality, except that the file is deleted automatically by default. Note that you may have to use the <code class="literal">file</code> attribute to obtain the actual file object because some programming interfaces cannot deal with file-like objects. The C function <code class="function">mkostemp</code> is also available as <code class="function">tempfile.mkstemp</code>.
</div><div class="para">
- In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
- </div></div><div class="section" id="idm225471949376"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471949376">10.3. Temporary files without names</h2></div></div></div><div class="para">
+ In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
+ </div></div><div class="section" id="idm225406332272"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225406332272">11.3. Temporary files without names</h2></div></div></div><div class="para">
The <code class="function">tmpfile</code> function creates a temporary file and immediately deletes it, while keeping the file open. As a result, the file lacks a name and its space is deallocated as soon as the file descriptor is closed (including the implicit close when the process terminates). This avoids cluttering the temporary directory with orphaned files.
</div><div class="para">
Alternatively, if the maximum size of the temporary file is known beforehand, the <code class="function">fmemopen</code> function can be used to create a <code class="literal">FILE *</code> object which is backed by memory.
@@ -1100,16 +1247,16 @@ func IOError(r io.Reader, buf []byte, processor Processor,
In Python, unnamed temporary files are provided by the <code class="literal">tempfile.TemporaryFile</code> class, and the <code class="literal">tempfile.SpooledTemporaryFile</code> class provides a way to avoid creation of small temporary files.
</div><div class="para">
Java does not support unnamed temporary files.
- </div></div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. Temporary directories</h2></div></div></div><div class="para">
- The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
+ </div></div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Temporary directories</h2></div></div></div><div class="para">
+ The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
</div><div class="para">
When creating files in the temporary directory, use automatically generated names, e.g., derived from a sequential counter. Files with externally provided names could be picked up in unexpected contexts, and crafted names could actually point outside of the tempoary directory (due to <span class="emphasis"><em>directory traversal</em></span>).
</div><div class="para">
Removing a directory tree in a completely safe manner is complicated. Unless there are overriding performance concerns, the <span class="application"><strong>rm</strong></span> program should be used, with the <code class="option">-rf</code> and <code class="option">--</code> options.
- </div></div><div class="section" id="idm225466685888"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225466685888">10.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
- There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>, for details on subprocess creation.
+ </div></div><div class="section" id="idm225454191968"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225454191968">11.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
+ There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a>, for details on subprocess creation.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Directory">Section 10.4, “Temporary directories”</a>.)
+ Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="#chap-Defensive_Coding-Tasks-Temporary_Directory">Section 11.4, “Temporary directories”</a>.)
</div></li><li class="listitem"><div class="para">
Create the temporary file and pass the generated file name to the function or program. This only works if the function or program can cope with a zero-length existing file. It is safe only under additional assumptions:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -1120,15 +1267,15 @@ func IOError(r io.Reader, buf []byte, processor Processor,
It must not access any existing files in the same directory.
</div></li></ul></div><div class="para">
It is often difficult to check whether these additional assumptions are matched, therefore this approach is not recommended.
- </div></li></ul></div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225451489136">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225449401040">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Lin
e_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225441023584">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">11.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225410763344">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="tit
lepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Safe process creation</h2></div></div></div><div class="para">
- This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">Section 8.2, “Preventing file descriptor leaks to child processes”</a>.
- </div><div class="section" id="idm225451489136"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451489136">11.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
+ </div></li></ul></div></div></div><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225447651360">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="#idm225399548240">12.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Command_Lin
e_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225455450336">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="#idm225459931232">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Daemons">12.4. Daemons</a></span></dt><dt><span class="section"><a href="#idm225443789280">12.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">12.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="tit
lepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Safe process creation</h2></div></div></div><div class="para">
+ This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Descriptors-Child_Processes">Section 9.2, “Preventing file descriptor leaks to child processes”</a>.
+ </div><div class="section" id="idm225447651360"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225447651360">12.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
The name and path to the program being invoked should be hard-coded or controlled by a static configuration file stored at a fixed location (at an file system absolute path). The same applies to the template for generating the command line.
</div><div class="para">
- The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
+ The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
</div><div class="para">
If too much flexibility is provided here, it may allow invocation of arbitrary programs without proper authorization.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.2. Bypassing the shell</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.2. Bypassing the shell</h3></div></div></div><div class="para">
Child processes should be created without involving the system shell.
</div><div class="para">
For C/C++, <code class="function">system</code> should not be used. The <code class="function">posix_spawn</code> function can be used instead, or a combination <code class="function">fork</code> and <code class="function">execve</code>. (In some cases, it may be preferable to use <code class="function">vfork</code> or the Linux-specific <code class="function">clone</code> system call instead of <code class="function">fork</code>.)
@@ -1140,7 +1287,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
On Windows, there is no argument vector, only a single argument string. Each application is responsible for parsing this string into an argument vector. There is considerable variance among the quoting style recognized by applications. Some of them expand shell wildcards, others do not. Extensive application-specific testing is required to make this secure.
</div></div></div><div class="para">
Note that some common applications (notably <span class="application"><strong>ssh</strong></span>) unconditionally introduce the use of a shell, even if invoked directly without a shell. It is difficult to use these applications in a secure manner. In this case, untrusted data should be supplied by other means. For example, standard input could be used, instead of the command line.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.3. Specifying the process environment</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.3. Specifying the process environment</h3></div></div></div><div class="para">
Child processes should be created with a minimal set of environment variables. This is absolutely essential if there is a trust transition involved, either when the parent process was created, or during the creation of the child process.
</div><div class="para">
In C/C++, the environment should be constructed as an array of strings and passed as the <code class="varname">envp</code> argument to <code class="function">posix_spawn</code> or <code class="function">execve</code>. The functions <code class="function">setenv</code>, <code class="function">unsetenv</code> and <code class="function">putenv</code> should not be used. They are not thread-safe and suffer from memory leaks.
@@ -1157,10 +1304,10 @@ func IOError(r io.Reader, buf []byte, processor Processor,
</div></li><li class="listitem"><div class="para">
The location-related environment variables <code class="envar">LANG</code>, <code class="envar">LANGUAGE</code>, <code class="envar">LC_ADDRESS</code>, <code class="envar">LC_ALL</code>, <code class="envar">LC_COLLATE</code>, <code class="envar">LC_CTYPE</code>, <code class="envar">LC_IDENTIFICATION</code>, <code class="envar">LC_MEASUREMENT</code>, <code class="envar">LC_MESSAGES</code>, <code class="envar">LC_MONETARY</code>, <code class="envar">LC_NAME</code>, <code class="envar">LC_NUMERIC</code>, <code class="envar">LC_PAPER</code>, <code class="envar">LC_TELEPHONE</code> and <code class="envar">LC_TIME</code> can be passed to the subprocess if present.
</div></li><li class="listitem"><div class="para">
- The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 11.1.5, “Passing secrets to subprocesses”</a>.)
+ The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 12.1.5, “Passing secrets to subprocesses”</a>.)
</div></li><li class="listitem"><div class="para">
All other environment variables should be dropped. Names for new environment variables should not be accepted from untrusted sources.
- </div></li></ul></div></div><div class="section" id="idm225449401040"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225449401040">11.1.4. Robust argument list processing</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="idm225399548240"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225399548240">12.1.4. Robust argument list processing</h3></div></div></div><div class="para">
When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be checked against embedded <code class="literal">NUL</code> characters because the system APIs will silently truncate argument strings at the first <code class="literal">NUL</code> character.
</div><div class="para">
The following recommendations assume that the program being invoked uses GNU-style option processing using <code class="function">getopt_long</code>. This convention is widely used, but it is just that, and individual programs might interpret a command line in a different way.
@@ -1168,13 +1315,13 @@ func IOError(r io.Reader, buf []byte, processor Processor,
If the untrusted data has to go into an option, use the <code class="literal">--option-name=VALUE</code> syntax, placing the option and its value into the same command line argument. This avoids any potential confusion if the data starts with <code class="literal">-</code>.
</div><div class="para">
For positional arguments, terminate the option list with a single <code class="option">--</code> marker after the last option, and include the data at the right position. The <code class="option">--</code> marker terminates option processing, and the data will not be treated as an option even if it starts with a dash.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
- The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>.)
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
+ The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>.)
</div><div class="important"><div class="admonition_header"><h2>Portability notice</h2></div><div class="admonition"><div class="para">
On some UNIX-like systems (notably Solaris), environment variables can be read by any system user, just like command lines.
</div></div></div><div class="para">
If the environment-based approach cannot be used due to portability concerns, the data can be passed on standard input. Some programs (notably <span class="application"><strong>gpg</strong></span>) use special file descriptors whose numbers are specified on the command line. Temporary files are an option as well, but they might give digital forensics access to sensitive data (such as passphrases) because it is difficult to safely delete them in all cases.
- </div></div></div><div class="section" id="idm225441023584"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225441023584">11.2. Handling child process termination</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225455450336"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225455450336">12.2. Handling child process termination</h2></div></div></div><div class="para">
When child processes terminate, the parent process is signalled. A stub of the terminated processes (a <span class="emphasis"><em>zombie</em></span>, shown as <code class="literal"><defunct></code> by <span class="application"><strong>ps</strong></span>) is kept around until the status information is collected (<span class="emphasis"><em>reaped</em></span>) by the parent process. Over the years, several interfaces for this have been invented:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The parent process calls <code class="function">wait</code>, <code class="function">waitpid</code>, <code class="function">waitid</code>, <code class="function">wait3</code> or <code class="function">wait4</code>, without specifying a process ID. This will deliver any matching process ID. This approach is typically used from within event loops.
@@ -1186,27 +1333,27 @@ func IOError(r io.Reader, buf []byte, processor Processor,
None of these approaches can be used to wait for child process terminated in a completely thread-safe manner. The parent process might execute an event loop in another thread, which could pick up the termination signal. This means that libraries typically cannot make free use of child processes (for example, to run problematic code with reduced privileges in a separate address space).
</div><div class="para">
At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitid</code>, and hope that the status is not collected by an event loop first.
- </div></div><div class="section" id="idm225456597984"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225456597984">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225459931232"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225459931232">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
Programs can be marked in the file system to indicate to the kernel that a trust transition should happen if the program is run. The <code class="literal">SUID</code> file permission bit indicates that an executable should run with the effective user ID equal to the owner of the executable file. Similarly, with the <code class="literal">SGID</code> bit, the effective group ID is set to the group of the executable file.
</div><div class="para">
Linux supports <span class="emphasis"><em>fscaps</em></span>, which can grant additional capabilities to a process in a finer-grained manner. Additional mechanisms can be provided by loadable security modules.
</div><div class="para">
When such a trust transition has happened, the process runs in a potentially hostile environment. Additional care is necessary not to rely on any untrusted information. These concerns also apply to libraries which can be linked into such processes.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.3.1. Accessing environment variables</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Accessing environment variables</h3></div></div></div><div class="para">
The following steps are required so that a program does not accidentally pick up untrusted data from environment variables.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Compile your C/C++ sources with <code class="literal">-D_GNU_SOURCE</code>. The Autoconf macro <code class="literal">AC_GNU_SOURCE</code> ensures this.
</div></li><li class="listitem"><div class="para">
Check for the presence of the <code class="function">secure_getenv</code> and <code class="function">__secure_getenv</code> function. The Autoconf directive <code class="literal">AC_CHECK_FUNCS([__secure_getenv secure_getenv])</code> performs these checks.
</div></li><li class="listitem"><div class="para">
- Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="#ex-Defensive_Coding-Tasks-secure_getenv">Example 11.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
+ Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="#ex-Defensive_Coding-Tasks-secure_getenv">Example 12.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
</div></li><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> instead of <code class="function">getenv</code> to obtain the value of critical environment variables. <code class="function">secure_getenv</code> will pretend the variable has not bee set if the process environment is not trusted.
</div></li></ul></div><div class="para">
Critical environment variables are debugging flags, configuration file locations, plug-in and log file locations, and anything else that might be used to bypass security restrictions or cause a privileged process to behave in an unexpected way.
</div><div class="para">
Either the <code class="function">secure_getenv</code> function or the <code class="function">__secure_getenv</code> is available from GNU libc.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 11.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 12.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
<span class="perl_Others">#include <stdlib.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span>
@@ -1218,7 +1365,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
<span class="perl_Others"></span><span class="perl_Others"># endif</span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#endif</span><span class="perl_Others"></span>
<span class="perl_Others"></span>
-</pre></div></div><br class="example-break" /></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Daemons</h2></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.4. Daemons</h2></div></div></div><div class="para">
Background processes providing system services (<span class="emphasis"><em>daemons</em></span>) need to decouple themselves from the controlling terminal and the parent process environment:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Fork.
@@ -1234,25 +1381,25 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Other aspects of the process environment may have to changed as well (environment variables, signal handler disposition).
</div><div class="para">
It is increasingly common that server processes do not run as background processes, but as regular foreground process under a supervising master process (such as <span class="application"><strong>systemd</strong></span>). Server processes should offer a command line option which disables forking and replacement of the standard output and standard error streams. Such an option is also useful for debugging.
- </div></div><div class="section" id="idm225410763344"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225410763344">11.5. Semantics of command line arguments</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225443789280"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225443789280">12.5. Semantics of command line arguments</h2></div></div></div><div class="para">
After process creation and option processing, it is up to the child process to interpret the arguments. Arguments can be file names, host names, or URLs, and many other things. URLs can refer to the local network, some server on the Internet, or to the local file system. Some applications even accept arbitrary code in arguments (for example, <span class="application"><strong>python</strong></span> with the <code class="option">-c</code> option).
</div><div class="para">
Similar concerns apply to environment variables, the contents of the current directory and its subdirectories.
</div><div class="para">
Consequently, careful analysis is required if it is safe to pass untrusted data to another program.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
A call to <code class="function">fork</code> which is not immediately followed by a call to <code class="function">execve</code> (perhaps after rearranging and closing file descriptors) is typically unsafe, especially from a library which does not control the state of the entire process. Such use of <code class="function">fork</code> should be replaced with proper child processes or threads.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225454526272">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225453976880">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">1
2.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">12.5.7. Using Op
enJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225461438784">12.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="#idm225488466928">13.2. Protocol design</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225432336176">13.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML">1
3.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-XInclude">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Validation">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-Expat">13.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-Qt">13.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse">13.5.7. Using Op
enJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="#idm225490272272">13.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
Protocol decoders and file format parsers are often the most-exposed part of an application because they are exposed with little or no user interaction and before any authentication and security checks are made. They are also difficult to write robustly in languages which are not memory-safe.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
For C and C++, the advice in <a class="xref" href="#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a> applies. In addition, avoid non-character pointers directly into input buffers. Pointer misalignment causes crashes on some architectures.
</div><div class="para">
When reading variable-sized objects, do not allocate large amounts of data solely based on the value of a size field. If possible, grow the data structure as more data is read from the source, and stop when no data is available. This helps to avoid denial-of-service attacks where little amounts of input data results in enormous memory allocations during decoding. Alternatively, you can impose reasonable bounds on memory allocations, but some protocols do not permit this.
- </div></div><div class="section" id="idm225454526272"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225454526272">12.2. Protocol design</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225488466928"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225488466928">13.2. Protocol design</h2></div></div></div><div class="para">
Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
</div><div class="para">
- In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">Section 12.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. Fragmentation</h2></div></div></div><div class="para">
+ In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation">Section 13.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.3. Fragmentation</h2></div></div></div><div class="para">
Some serialization formats use frames or protocol data units (PDUs) on lower levels which are smaller than the PDUs on higher levels. With such an architecture, higher-level PDUs may have to be <span class="emphasis"><em>fragmented</em></span> into smaller frames during serialization, and frames may need <span class="emphasis"><em>reassembly</em></span> into large PDUs during deserialization.
</div><div class="para">
Serialization formats may use conceptually similar structures for completely different purposes, for example storing multiple layers and color channels in a single image file.
@@ -1263,7 +1410,7 @@ func IOError(r io.Reader, buf []byte, processor Processor,
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Avoid allocating significant amount of resources without proper authentication. Allocate memory for the unfragmented PDU as more and more and fragments are encountered, and not based on the initially advertised unfragmented PDU size, unless there is a sufficiently low limit on the unfragmented PDU size, so that over-allocation cannot lead to performance problems.
</div></li><li class="listitem"><div class="para">
- Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 12.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
+ Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 13.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
</div></li><li class="listitem"><div class="para">
Carefully keep track of which bytes in the unfragmented PDU have been covered by fragments so far. If message reordering is a concern, the most straightforward data structure for this is an array of bits, with one bit for every byte (or other atomic unit) in the unfragmented PDU. Complete reassembly can be determined by increasing a counter of set bits in the bit array as the bit array is updated, taking overlapping fragments into consideration.
</div></li><li class="listitem"><div class="para">
@@ -1272,11 +1419,11 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Check for conflicting values of unfragmented PDU lengths (if this length information is part of every fragment) and reject fragments which are inconsistent.
</div></li><li class="listitem"><div class="para">
Validate fragment lengths and offsets of individual fragments against the unfragmented PDU length (if they are present). Check that the last byte in the fragment does not lie after the end of the unfragmented PDU. Avoid integer overflows in these computations (see <a class="xref" href="#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Fragment IDs</h3></div></div></div><div class="para">
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.3.1. Fragment IDs</h3></div></div></div><div class="para">
If the underlying transport is datagram-oriented (so that PDUs can be reordered, duplicated or be lost, like with UDP), fragment reassembly needs to take into account endpoint addresses of the communication channel, and there has to be some sort of fragment ID which identifies the individual fragments as part of a larger PDU. In addition, the fragmentation protocol will typically involve fragment offsets and fragment lengths, as mentioned above.
</div><div class="para">
If the transport may be subject to blind PDU injection (again, like UDP), the fragment ID must be generated randomly. If the fragment ID is 64 bit or larger (strongly recommended), it can be generated in a completely random fashion for most traffic volumes. If it is less than 64 bits large (so that accidental collisions can happen if a lot of PDUs are transmitted), the fragment ID should be incremented sequentially from a starting value. The starting value should be derived using a HMAC-like construction from the endpoint addresses, using a long-lived random key. This construction ensures that despite the limited range of the ID, accidental collisions are as unlikely as possible. (This will not work reliable with really short fragment IDs, such as the 16 bit IDs used by the Internet Protocol.)
- </div></div></div><div class="section" id="idm225453976880"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225453976880">12.4. Library support for deserialization</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225432336176"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225432336176">13.4. Library support for deserialization</h2></div></div></div><div class="para">
For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The deserialization part comes in one of two flavors, depending on the library. The first kind uses type information in the data stream to control which objects are instantiated. The second kind uses type definitions supplied by the programmer. The first one allows arbitrary object instantiation, the second one generally does not.
</div><div class="para">
The following serialization frameworks are in the first category, are known to be unsafe, and must not be used for untrusted data:
@@ -1294,9 +1441,9 @@ func IOError(r io.Reader, buf []byte, processor Processor,
When using a type-directed deserialization format where the types of the deserialized objects are specified by the programmer, make sure that the objects which can be instantiated cannot perform any destructive actions in their destructors, even when the data members have been manipulated.
</div><div class="para">
In general, JSON decoders do not suffer from this problem. But you must not use the <code class="function">eval</code> function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.5. XML serialization</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.5. XML serialization</h2></div></div></div><div class="para">
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.1. External references</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.1. External references</h3></div></div></div><div class="para">
XML documents can contain external references. They can occur in various places.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
In the DTD declaration in the header of an XML document:
@@ -1322,21 +1469,21 @@ func IOError(r io.Reader, buf []byte, processor Processor,
Originally, these external references were intended as unique identifiers, but by many XML implementations, they are used for locating the data for the referenced element. This causes unwanted network traffic, and may disclose file system contents or otherwise unreachable network resources, so this functionality should be disabled.
</div><div class="para">
Depending on the XML library, external referenced might be processed not just when parsing XML, but also when generating it.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.2. Entity expansion</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.2. Entity expansion</h3></div></div></div><div class="para">
When external DTD processing is disabled, an internal DTD subset can still contain entity definitions. Entity declarations can reference other entities. Some XML libraries expand entities automatically, and this processing cannot be switched off in some places (such as attribute values or content models). Without limits on the entity nesting level, this expansion results in data which can grow exponentially in length with size of the input. (If there is a limit on the nesting level, the growth is still polynomial, unless further limits are imposed.)
</div><div class="para">
Consequently, the processing internal DTD subsets should be disabled if possible, and only trusted DTDs should be processed. If a particular XML application does not permit such restrictions, then application-specific limits are called for.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.3. XInclude processing</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.3. XInclude processing</h3></div></div></div><div class="para">
XInclude processing can reference file and network resources and include them into the document, much like external entity references. When parsing untrusted XML documents, XInclude processing should be truned off.
</div><div class="para">
XInclude processing is also fairly complex and may pull in support for the XPointer and XPath specifications, considerably increasing the amount of code required for XML processing.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
DTD-based XML validation uses regular expressions for content models. The XML specification requires that content models are deterministic, which means that efficient validation is possible. However, some implementations do not enforce determinism, and require exponential (or just polynomial) amount of space or time for validating some DTD/document combinations.
</div><div class="para">
XML schemas and RELAX NG (via the <code class="literal">xsd:</code> prefix) directly support textual regular expressions which are not required to be deterministic.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
- By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 12.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 12.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
+ By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 13.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 13.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Stop the parser when an entity declaration is encountered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">static</span> <span class="perl_DataType">void</span>
EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
@@ -1348,8 +1495,8 @@ EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
XML_StopParser((XML_Parser)userData, XML_FALSE);
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 12.2, “Creating an Expat XML parser”</a>).
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 12.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 13.2, “Creating an Expat XML parser”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 13.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Keyword">if</span> (parser == NULL) {
fprintf(stderr, <span class="perl_String">"XML_ParserCreate failed</span><span class="perl_Char">\n</span><span class="perl_String">"</span>);
@@ -1363,11 +1510,11 @@ XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Comment"></span>XML_SetEntityDeclHandler(parser, EntityDeclHandler);
</pre></div></div><br class="example-break" /><div class="para">
It is also possible to reject internal DTD subsets altogeher, using a suitable <code class="literal">XML_StartDoctypeDeclHandler</code> handler installed with <code class="function">XML_SetDoctypeDeclHandler</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. Internal entities are processed, though. To change that, a custom <code class="literal">QXmlDeclHandler</code> and <code class="literal">QXmlSimpleReader</code> subclasses are needed. It is not possible to use the <code class="function">QDomDocument::setContent(const QByteArray &)</code> convenience methods.
</div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 12.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 12.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 13.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 13.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityHandler : public QXmlDeclHandler {
public:
bool attributeDecl(<span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&,
@@ -1405,8 +1552,8 @@ NoEntityHandler::errorString() <span class="perl_DataType">const</span>
<span class="perl_Keyword">return</span> <span class="perl_String">"XML declaration not permitted"</span>;
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 12.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 12.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 13.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 13.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityReader : public QXmlSimpleReader {
NoEntityHandler handler;
public:
@@ -1427,8 +1574,8 @@ NoEntityReader::setDeclHandler(QXmlDeclHandler *)
<span class="perl_Comment">// Ignore the handler which was passed in.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>}
</pre></div></div><br class="example-break" /><div class="para">
- Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 12.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 12.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 13.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 13.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
NoEntityReader reader;
QBuffer buffer(&data);
buffer.open(QIODevice::ReadOnly);
@@ -1439,13 +1586,13 @@ QString errorMsg;
<span class="perl_DataType">int</span> errorColumn;
bool okay = doc.setContent
(&source, &reader, &errorMsg, &errorLine, &errorColumn);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based document parsing. Documents can be validated against DTDs or XML schemas.
</div><div class="para">
- The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">Section 12.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
+ The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-XML-Entities">Section 13.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
</div><div class="para">
In the following sections, we use helper classes to prevent external ID resolution.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 12.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 13.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoEntityResolver <span class="perl_Keyword">implements</span> EntityResolver {
@Override
<span class="perl_Keyword">public</span> InputSource <span class="perl_Function">resolveEntity</span>(String publicId, String systemId)
@@ -1455,7 +1602,7 @@ bool okay = doc.setContent
<span class="perl_Function"></span> <span class="perl_String">"attempt to resolve </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String"> </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String">"</span>, publicId, systemId));
}
}
-</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 12.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 13.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoResourceResolver <span class="perl_Keyword">implements</span> LSResourceResolver {
@Override
<span class="perl_Keyword">public</span> LSInput <span class="perl_Function">resolveResource</span>(String type, String namespaceURI,
@@ -1468,8 +1615,8 @@ bool okay = doc.setContent
}
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 12.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 12.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 13.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 13.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> javax.xml.XMLConstants;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilder;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilderFactory;
@@ -1491,9 +1638,9 @@ bool okay = doc.setContent
<span class="perl_Keyword">import</span> org.xml.sax.SAXException;
<span class="perl_Keyword">import</span> org.xml.sax.SAXParseException;
<span class="perl_Keyword">import org.xml.sax.XMLReader;</span>
-</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
- This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 12.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
+ This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 13.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 13.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
DocumentBuilderFactory factory = DocumentBuilderFactory.<span class="perl_Function">newInstance</span>();
<span class="perl_Comment">// Impose restrictions on the complexity of the DTD.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>factory.<span class="perl_Function">setFeature</span>(XMLConstants.<span class="perl_Function">FEATURE_SECURE_PROCESSING</span>, <span class="perl_Keyword">true</span>);
@@ -1508,12 +1655,12 @@ builder.<span class="perl_Function">setEntityResolver</span>(<span class="perl_K
builder.<span class="perl_Function">setErrorHandler</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">Errors</span>());
Document document = builder.<span class="perl_Function">parse</span>(inputStream);
</pre></div></div><br class="example-break" /><div class="para">
- External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 12.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
+ External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 13.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
</div><div class="para">
To validate the document against an external DTD, use a <code class="literal">javax.xml.transform.Transformer</code> class to add the DTD reference to the document, and an entity resolver which whitelists this external reference.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 12.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 12.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
+ <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 13.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 13.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -1535,10 +1682,10 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> SAXSource(<span class="perl_Keyword">new</span> InputSource(inputStream)));
</pre></div></div><br class="example-break" /><div class="para">
- The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 12.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
+ The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 13.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
</div><div class="para">
- If you need to validate a document against an XML schema, use the code in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 12.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 12.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you need to validate a document against an XML schema, use the code in <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 13.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 13.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 13.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -1556,17 +1703,17 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
<span class="perl_Comment">// This prevents external resource resolution.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>validator.<span class="perl_Function">setResourceResolver</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">NoResourceResolver</span>());
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> DOMSource(document));
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure.
</div><div class="para">
- The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>.
- </div></div></div></div><div class="section" id="idm225461438784"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461438784">12.6. Protocol Encoders</h2></div></div></div><div class="para">
+ The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="#sect-Defensive_Coding-Tasks-Serialization-Library">Section 13.4, “Library support for deserialization”</a>.
+ </div></div></div></div><div class="section" id="idm225490272272"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225490272272">13.6. Protocol Encoders</h2></div></div></div><div class="para">
For protocol encoders, you should write bytes to a buffer which grows as needed, using an exponential sizing policy. Explicit lengths can be patched in later, once they are known. Allocating the required number of bytes upfront typically requires separate code to compute the final size, which must be kept in sync with the actual encoding step, or vulnerabilities may result. In multi-threaded code, parts of the object being deserialized might change, so that the computed size is out of date.
</div><div class="para">
You should avoid copying data directly from a received packet during encoding, disregarding the format. Propagating malformed data could enable attacks on other recipients of that data.
</div><div class="para">
When using C or C++ and copying whole data structures directly into the output, make sure that you do not leak information in padding bytes between fields or at the end of the <code class="literal">struct</code>.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225439624448">13.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225469447536">13.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225439624448"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225439624448">13.1. Primitives</h2></div></div></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#idm225484622624">14.1. Primitives</a></span></dt><dt><span class="section"><a href="#idm225440268992">14.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225484622624"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225484622624">14.1. Primitives</h2></div></div></div><div class="para">
Choosing from the following cryptographic primitives is recommended:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
RSA with 2048 bit keys and OAEP
@@ -1595,8 +1742,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
HMAC-MD5
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 16, <em>Transport Layer Security</em></a>).
- </div></div></div></div><div class="section" id="idm225469447536"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225469447536">13.2. Randomness</h2></div></div></div><div class="para">
+ These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 17, <em>Transport Layer Security</em></a>).
+ </div></div></div></div><div class="section" id="idm225440268992"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440268992">14.2. Randomness</h2></div></div></div><div class="para">
The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
@@ -1618,10 +1765,10 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Other sources of randomness should be considered predictable.
</div><div class="para">
Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">15.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
This chapter deals with security-related concerns around RPM packaging. It has to be read in conjunction with distribution-specific packaging guidelines.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
- Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">Section 14.2, “Generating X.509 self-signed certificates before service start”</a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
+ Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates-Service">Section 15.2, “Generating X.509 self-signed certificates before service start”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
The way the key is generated may not be suitable for key material of critical value. (<code class="command">openssl genrsa</code> uses, but does not require, entropy from a physical source of randomness, among other things.) Such keys should be stored in a hardware security module if possible, and generated from random bits reserved for this purpose derived from a non-deterministic physical source.
</div></div></div><div class="para">
@@ -1636,8 +1783,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</pre></div><div class="para">
These variables likely need adjustment based on the needs of the package.
</div><div class="para">
- Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 14.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
- </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 14.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
+ Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 15.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 15.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
%post
<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
<span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
@@ -1661,8 +1808,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</pre></div></div><br class="example-break" /><div class="para">
The files containing the key material are marked as ghost configuration files. This ensures that they are tracked in the RPM database as associated with the package, but RPM will not create them when the package is installed and not verify their contents (the <code class="literal">%ghost</code>), or delete the files when the package is uninstalled (the <code class="literal">%config(noreplace)</code> part).
</div><div class="para">
- If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 14.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
- </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 14.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
+ If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 15.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 15.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
%post
<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
<span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
@@ -1682,13 +1829,13 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
%ghost %attr<span class="perl_Keyword">(</span>0644,root,root<span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
</pre></div></div><br class="example-break" /><div class="para">
In order for this to work, the package which generates the keys must require the <span class="application"><strong>openssl</strong></span> package. If the user which owns the key file is generated by a different package, the package generating the certificate must specify a <code class="literal">Requires(pre):</code> on the package which creates the user. This ensures that the user account will exist when it is needed for the <span class="application"><strong>su</strong></span> or <span class="application"><strong>chmod</strong></span> invocation.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
- An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
+ An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 15.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- The caveats about the way the key is generated in <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
+ The caveats about the way the key is generated in <a class="xref" href="#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 15.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
</div></div></div><div class="para">
Generating key material before service start may happen very early during boot, when the kernel randomness pool has not yet been initialized. Currently, the only way to check for the initialization is to look for the kernel message <code class="literal">random: nonblocking pool is initialized</code>. In theory, it is also possible to read from <code class="filename">/dev/random</code> while generating the key material (instead of <code class="filename">/dev/urandom</code>), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience.
- </div></div></div></div><div class="part" id="idm225439368352"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt>
<span class="chapter"><a href="#chap-Defensive_Coding-TLS">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-C
lient-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">15.2. Host-based au
thentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Authenticating servers</h2></div></div></div><div class="para">
+ </div></div></div></div><div class="part" id="idm225445121008"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="#chap-Defensive_Coding-Authentication">16. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">16.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">16.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt>
<span class="chapter"><a href="#chap-Defensive_Coding-TLS">17. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm225446049504">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-C
lient-GNUTLS">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Host_based">16.2. Host-based au
thentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-UNIX_Domain">16.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-Authentication-Netlink">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Authenticating servers</h2></div></div></div><div class="para">
When connecting to a server, a client has to make sure that it is actually talking to the server it expects. There are two different aspects, securing the network path, and making sure that the expected user runs the process on the target host. There are several ways to ensure that:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The server uses a TLS certificate which is valid according to the web browser public key infrastructure, and the client verifies the certificate and the host name.
@@ -1699,10 +1846,10 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
Port numbers less than 1024 (<span class="emphasis"><em>trusted ports</em></span>) can only be used by <code class="literal">root</code>, so if a UDP or TCP server is running on the local host and it uses a trusted port, its identity is assured. (Not all operating systems enforce the trusted ports concept, and the network might not be trusted, so it is only useful on the local system.)
</div></li></ul></div><div class="para">
- TLS (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 16, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
+ TLS (<a class="xref" href="#chap-Defensive_Coding-TLS">Chapter 17, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
</div><div class="para">
If the server port number is 1024 is higher, a local user can impersonate the process by binding to this socket, perhaps after crashing the real server by exploiting a denial-of-service vulnerability.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Host-based authentication</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. Host-based authentication</h2></div></div></div><div class="para">
Host-based authentication uses access control lists (ACLs) to accept or deny requests from clients. Thsis authentication method comes in two flavors: IP-based (or, more generally, address-based) and name-based (with the name coming from DNS or <code class="filename">/etc/hosts</code>). IP-based ACLs often use prefix notation to extend access to entire subnets. Name-based ACLs sometimes use wildcards for adding groups of hosts (from entire DNS subtrees). (In the SSH context, host-based authentication means something completely different and is not covered in this section.)
</div><div class="para">
Host-based authentication trust the network and may not offer sufficient granularity, so it has to be considered a weak form of authentication. On the other hand, IP-based authentication can be made extremely robust and can be applied very early in input processing, so it offers an opportunity for significantly reducing the number of potential attackers for many services.
@@ -1714,7 +1861,7 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Similarly, if an address or name is not matched by the list, it should be denied. However, many implementations behave differently, so the actual behavior must be documented properly.
</div><div class="para">
IPv6 addresses can embed IPv4 addresses. There is no universally correct way to deal with this ambiguity. The behavior of the ACL implementation should be documented.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
UNIX domain sockets (with address family <code class="literal">AF_UNIX</code> or <code class="literal">AF_LOCAL</code>) are restricted to the local host and offer a special authentication mechanism: credentials passing.
</div><div class="para">
Nowadays, most systems support the <code class="literal">SO_PEERCRED</code> (Linux) or <code class="literal">LOCAL_PEERCRED</code> (FreeBSD) socket options, or the <code class="function">getpeereid</code> (other BSDs, MacOS X). These interfaces provide direct access to the (effective) user ID on the other end of a domain socket connect, without cooperation from the other end.
@@ -1722,15 +1869,15 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
Historically, credentials passing was implemented using ancillary data in the <code class="function">sendmsg</code> and <code class="function">recvmsg</code> functions. On some systems, only credentials data that the peer has explicitly sent can be received, and the kernel checks the data for correctness on the sending side. This means that both peers need to deal with ancillary data. Compared to that, the modern interfaces are easier to use. Both sets of interfaces vary considerably among UNIX-like systems, unfortunately.
</div><div class="para">
If you want to authenticate based on supplementary groups, you should obtain the user ID using one of these methods, and look up the list of supplementary groups using <code class="function">getpwuid</code> (or <code class="function">getpwuid_r</code>) and <code class="function">getgrouplist</code>. Using the PID and information from <code class="filename">/proc/PID/status</code> is prone to race conditions and insecure.
- </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
Netlink messages are used as a high-performance data transfer mechanism between the kernel and the userspace. Traditionally, they are used to exchange information related to the network statck, such as routing table entries.
</div><div class="para">
When processing Netlink messages from the kernel, it is important to check that these messages actually originate from the kernel, by checking that the port ID (or PID) field <code class="literal">nl_pid</code> in the <code class="literal">sockaddr_nl</code> structure is <code class="literal">0</code>. (This structure can be obtained using <code class="function">recvfrom</code> or <code class="function">recvmsg</code>, it is different from the <code class="literal">nlmsghdr</code> structure.) The kernel does not prevent other processes from sending unicast Netlink messages, but the <code class="literal">nl_pid</code> field in the sender's socket address will be non-zero in such cases.
</div><div class="para">
Applications should not use <code class="literal">AF_NETLINK</code> sockets as an IPC mechanism among processes, but prefer UNIX domain sockets for this tasks.
- </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm2254
59421792">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 17. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#idm2254
46049504">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-GNUTLS">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-OpenJDK">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-NSS">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="#sect-Defensive_Coding-TLS-Client-Python">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="para">
Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and confidentiality while data is transferred over an untrusted network connection, and to identify the endpoint.
- </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Common Pitfalls</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">17.1. Common Pitfalls</h2></div></div></div><div class="para">
TLS implementations are difficult to use, and most of them lack a clean API design. The following sections contain implementation-specific advice, and some generic pitfalls are mentioned below.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Most TLS implementations have questionable default TLS cipher suites. Most of them enable anonymous Diffie-Hellman key exchange (but we generally want servers to authenticate themselves). Many do not disable ciphers which are subject to brute-force attacks because of restricted key lengths. Some even disable all variants of AES in the default configuration.
@@ -1740,7 +1887,7 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
The name which is used in certificate validation must match the name provided by the user or configuration file. No host name canonicalization or IP address lookup must be performed.
</div></li><li class="listitem"><div class="para">
The TLS handshake has very poor performance if the TCP Nagle algorithm is active. You should switch on the <code class="literal">TCP_NODELAY</code> socket option (at least for the duration of the handshake), or use the Linux-specific <code class="literal">TCP_CORK</code> option.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 16.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 17.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">int</span> val = <span class="perl_Float">1</span>;
<span class="perl_DataType">int</span> ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, <span class="perl_Keyword">sizeof</span>(val));
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -1754,8 +1901,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li><li class="listitem"><div class="para">
When implementing a server using event-driven programming, it is important to handle the TLS handshake properly because it includes multiple network round-trips which can block when an ordinary TCP <code class="function">accept</code> would not. Otherwise, a client which fails to complete the TLS handshake for some reason will prevent the server from handling input from other clients.
</div></li><li class="listitem"><div class="para">
- Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">Section 11.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
+ Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="#sect-Defensive_Coding-Tasks-Processes-Fork-Parallel">Section 12.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
Some OpenSSL function use <span class="emphasis"><em>tri-state return values</em></span>. Correct error checking is extremely important. Several functions return <code class="literal">int</code> values with the following meaning:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The value <code class="literal">1</code> indicates success (for example, a successful signature verification).
@@ -1766,8 +1913,8 @@ validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword"
</div></li></ul></div><div class="para">
Treating such tri-state return values as booleans can lead to security vulnerabilities. Note that some OpenSSL functions return boolean results or yet another set of status indicators. Each function needs to be checked individually.
</div><div class="para">
- Recovering precise error information is difficult. <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 16.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Recovering precise error information is difficult. <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 17.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 17.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">static</span> <span class="perl_DataType">void</span> __attribute__((noreturn))
ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *op, <span class="perl_DataType">int</span> ret)
{
@@ -1807,7 +1954,7 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The OpenSSL server and client applications (<code class="command">openssl s_client</code> and <code class="command">openssl s_server</code>) are debugging tools and should <span class="emphasis"><em>never</em></span> be used as generic clients. For instance, the <span class="application"><strong>s_client</strong></span> tool reacts in a surprisign way to lines starting with <code class="literal">R</code> and <code class="literal">Q</code>.
</div><div class="para">
OpenSSL allows application code to access private key material over documented interfaces. This can significantly increase the part of the code base which has to undergo security certification.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
<code class="filename">libgnutls.so.26</code> links to <code class="filename">libpthread.so.0</code>. Loading the threading library too late causes problems, so the main program should be linked with <code class="literal">-lpthread</code> as well. As a result, it can be difficult to use GNUTLS in a plugin which is loaded with the <code class="function">dlopen</code> function. Another side effect is that applications which merely link against GNUTLS (even without actually using it) may incur a substantial overhead because other libraries automatically switch to thread-safe algorithms.
</div><div class="para">
The <code class="function">gnutls_global_init</code> function must be called before using any functionality provided by the library. This function is not thread-safe, so external locking is required, but it is not clear which lock should be used. Omitting the synchronization does not just lead to a memory leak, as it is suggested in the GNUTLS documentation, but to undefined behavior because there is no barrier that would enforce memory ordering.
@@ -1815,19 +1962,19 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The <code class="function">gnutls_global_deinit</code> function does not actually deallocate all resources allocated by <code class="function">gnutls_global_init</code>. It is currently not thread-safe. Therefore, it is best to avoid calling it altogether.
</div><div class="para">
The X.509 implementation in GNUTLS is rather lenient. For example, it is possible to create and process X.509 version 1 certificates which carry extensions. These certificates are (correctly) rejected by other implementations.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
The Java cryptographic framework is highly modular. As a result, when you request an object implementing some cryptographic functionality, you cannot be completely sure that you end up with the well-tested, reviewed implementation in OpenJDK.
</div><div class="para">
OpenJDK (in the source code as published by Oracle) and other implementations of the Java platform require that the system administrator has installed so-called <span class="emphasis"><em>unlimited strength jurisdiction policy files</em></span>. Without this step, it is not possible to use the secure algorithms which offer sufficient cryptographic strength. Most downstream redistributors of OpenJDK remove this requirement.
</div><div class="para">
Some versions of OpenJDK use <code class="filename">/dev/random</code> as the randomness source for nonces and other random data which is needed for TLS operation, but does not actually require physical randomness. As a result, TLS applications can block, waiting for more bits to become available in <code class="filename">/dev/random</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
NSS was not designed to be used by other libraries which can be linked into applications without modifying them. There is a lot of global state. There does not seem to be a way to perform required NSS initialization without race conditions.
</div><div class="para">
If the NSPR descriptor is in an unexpected state, the <code class="function">SSL_ForceHandshake</code> function can succeed, but no TLS handshake takes place, the peer is not authenticated, and subsequent data is exchanged in the clear.
</div><div class="para">
NSS disables itself if it detects that the process underwent a <code class="function">fork</code> after the library has been initialized. This behavior is required by the PKCS#11 API specification.
- </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. TLS Clients</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">17.2. TLS Clients</h2></div></div></div><div class="para">
Secure use of TLS in a client generally involves all of the following steps. (Individual instructions for specific TLS implementations follow in the next sections.)
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The client must configure the TLS library to use a set of trusted root certificates. These certificates are provided by the system in <code class="filename">/etc/ssl/certs</code> or files derived from it.
@@ -1843,11 +1990,11 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
It is safe to provide users detailed diagnostics on certificate validation failures. Other causes of handshake failures and, generally speaking, any details on other errors reported by the TLS implementation (particularly exception tracebacks), must not be divulged in ways that make them accessible to potential attackers. Otherwise, it is possible to create decryption oracles.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Depending on the application, revocation checking (against certificate revocations lists or via OCSP) and session resumption are important aspects of production-quality client. These aspects are not yet covered.
- </div></div></div><div class="section" id="idm225459421792"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225459421792">16.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225446049504"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225446049504">17.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
In the following code, the error handling is only exploratory. Proper error handling is required for production use, especially in libraries.
</div><div class="para">
- The OpenSSL library needs explicit initialization (see <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 16.3, “OpenSSL library initialization”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 16.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The OpenSSL library needs explicit initialization (see <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 17.3, “OpenSSL library initialization”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 17.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// The following call prints an error message and calls exit() if</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// the OpenSSL configuration file is unreadable.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>OPENSSL_config(NULL);
@@ -1856,8 +2003,8 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
<span class="perl_Comment">// Register ciphers.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL_library_init();
</pre></div></div><br class="example-break" /><div class="para">
- After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 16.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 17.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 17.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Configure a client connection context. Send a hendshake for the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// highest supported TLS version, and disable compression.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">const</span> SSL_METHOD *<span class="perl_DataType">const</span> req_method = SSLv23_client_method();
@@ -1926,12 +2073,12 @@ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
</pre></div></div><br class="example-break" /><div class="para">
A single context object can be used to create multiple connection objects. It is safe to use the same <code class="literal">SSL_CTX</code> object for creating connections concurrently from multiple threads, provided that the <code class="literal">SSL_CTX</code> object is not modified (e.g., callbacks must not be changed).
</div><div class="para">
- After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> is called.
+ After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 17.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 17.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 17.2, “Obtaining OpenSSL error codes”</a> is called.
</div><div class="para">
The <code class="function">certificate_validity_override</code> function provides an opportunity to override the validity of the certificate in case the OpenSSL check fails. If such functionality is not required, the call can be removed, otherwise, the application developer has to implement it.
</div><div class="para">
The host name passed to the functions <code class="function">SSL_set_tlsext_host_name</code> and <code class="function">X509_check_host</code> must be the name that was passed to <code class="function">getaddrinfo</code> or a similar name resolution function. No host name canonicalization must be performed. The <code class="function">X509_check_host</code> function used in the final step for host name matching is currently only implemented in OpenSSL 1.1, which is not released yet. In case host name matching fails, the function <code class="function">certificate_host_name_override</code> is called. This function should check user-specific certificate store, to allow a connection even if the host name does not match the certificate. This function has to be provided by the application developer. Note that the override must be keyed by both the certificate <span class="emphasis"><em>and</em></span> the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 16.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 17.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the connection object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL *ssl = SSL_new(ctx);
<span class="perl_Keyword">if</span> (ssl == NULL) {
@@ -1982,8 +2129,8 @@ SSL_set_fd(ssl, sockfd);
X509_free(peercert);
</pre></div></div><br class="example-break" /><div class="para">
- The connection object can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 16.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 16.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The connection object can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 17.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 17.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> req = <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>;
<span class="perl_Keyword">if</span> (SSL_write(ssl, req, strlen(req)) < 0) {
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_write"</span>, ret);
@@ -1994,8 +2141,8 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_read"</span>, ret);
}
</pre></div></div><br class="example-break" /><div class="para">
- When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 16.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 16.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 17.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 17.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send the close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = SSL_shutdown(ssl);
<span class="perl_Keyword">switch</span> (ret) {
@@ -2021,20 +2168,20 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
SSL_free(ssl);
close(sockfd);
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 16.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 16.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 17.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 17.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSL_CTX_free(ctx);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
This section describes how to implement a TLS client with full certificate validation (but without certificate revocation checking). Note that the error handling in is only exploratory and needs to be replaced before production use.
</div><div class="para">
The GNUTLS library needs explicit initialization:
</div><div class="informalexample" id="ex-Defensive_Coding-TLS-GNUTLS-Init"><pre xml:lang="en-US" class="programlisting" lang="en-US">
gnutls_global_init();
</pre></div><div class="para">
- Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 16.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
+ Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 17.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
</div><div class="para">
- Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 16.9, “Initializing a GNUTLS credentials structure”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 16.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 17.9, “Initializing a GNUTLS credentials structure”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 17.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Load the trusted CA certificates.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_certificate_credentials_t cred = NULL;
<span class="perl_DataType">int</span> ret = gnutls_certificate_allocate_credentials (&cred);
@@ -2065,8 +2212,8 @@ gnutls_certificate_free_credentials(cred);
</pre></div><div class="para">
During its lifetime, the credentials object can be used to initialize TLS session objects from multiple threads, provided that it is not changed.
</div><div class="para">
- Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 16.10, “Establishing a TLS client connection using GNUTLS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 16.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="#ex-Defensive_Coding-TLS-Nagle">Example 17.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 17.10, “Establishing a TLS client connection using GNUTLS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 17.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_session_t session;
ret = gnutls_init(&session, GNUTLS_CLIENT);
@@ -2112,8 +2259,8 @@ ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS,
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 16.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 16.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 17.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 17.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Obtain the server certificate chain. The server certificate</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// itself is stored in the first element of the array.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">unsigned</span> certslen = 0;
@@ -2151,8 +2298,8 @@ ret = gnutls_certificate_verify_peers2(session, &status);
}
}
</pre></div></div><br class="example-break" /><div class="para">
- In the next step (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 16.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 16.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the next step (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 17.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 17.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Match the peer certificate against the host name.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// We can only obtain a set of DER-encoded certificates from the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// session object, so we have to re-parse the peer certificate into</span><span class="perl_Comment"></span>
@@ -2180,8 +2327,8 @@ gnutls_x509_crt_deinit(cert);
</pre></div></div><br class="example-break" /><div class="para">
In newer GNUTLS versions, certificate checking and host name validation can be combined using the <code class="function">gnutls_certificate_verify_peers3</code> function.
</div><div class="para">
- An established TLS session can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 16.13, “Using a GNUTLS session”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 16.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ An established TLS session can be used for sending and receiving data, as in <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 17.13, “Using a GNUTLS session”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 17.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
ret = gnutls_record_send(session, buf, strlen(buf));
@@ -2195,8 +2342,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 16.14, “Using a GNUTLS session”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 16.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 17.14, “Using a GNUTLS session”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 17.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Initiate an orderly connection shutdown.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -2205,7 +2352,7 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
<span class="perl_Comment">// Free the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_deinit(session);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
The examples below use the following cryptographic-related classes:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> java.security.NoSuchAlgorithmException;
@@ -2223,8 +2370,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
</pre></div><div class="para">
If compatibility with OpenJDK 6 is required, it is necessary to use the internal class <code class="literal">sun.security.util.HostnameChecker</code>. (The public OpenJDK API does not provide any support for dissecting the subject distinguished name of an X.509 certificate, so a custom-written DER parser is needed—or we have to use an internal class, which we do below.) In OpenJDK 7, the <code class="function">setEndpointIdentificationAlgorithm</code> method was added to the <code class="literal">javax.net.ssl.SSLParameters</code> class, providing an official way to implement host name checking.
</div><div class="para">
- TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 16.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 16.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 17.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 17.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the context. Specify the SunJSSE provider to avoid</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// picking up third-party providers. Try the TLS 1.2 provider</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// first, then fall back to TLS 1.0.</span><span class="perl_Comment"></span>
@@ -2246,8 +2393,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>);
</pre></div></div><br class="example-break" /><div class="para">
- In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 16.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 16.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 17.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 17.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Prepare TLS parameters. These have to applied to every TLS</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// socket before the handshake is triggered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLParameters params = ctx.<span class="perl_Function">getDefaultSSLParameters</span>();
@@ -2276,8 +2423,8 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div><div class="para">
All application protocols can use the <code class="literal">"HTTPS"</code> algorithm. (The algorithms have minor differences with regard to wildcard handling, which should not matter in practice.)
</div><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 16.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 16.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 17.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 17.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the socket and connect it at the TCP layer.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLSocket socket = (SSLSocket) ctx.<span class="perl_Function">getSocketFactory</span>()
.<span class="perl_Function">createSocket</span>(host, port);
@@ -2301,18 +2448,18 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div></div><br class="example-break" /><div class="para">
Starting with OpenJDK 7, the last lines can be omitted, provided that host name verification has been enabled by calling the <code class="function">setEndpointIdentificationAlgorithm</code> method on the <code class="literal">params</code> object (before it was applied to the socket).
</div><div class="para">
- The TLS socket can be used as a regular socket, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 16.18, “Using a TLS client socket in OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 16.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The TLS socket can be used as a regular socket, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 17.18, “Using a TLS client socket in OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 17.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
socket.<span class="perl_Function">getOutputStream</span>().<span class="perl_Function">write</span>(<span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>
.<span class="perl_Function">getBytes</span>(Charset.<span class="perl_Function">forName</span>(<span class="perl_String">"UTF-8"</span>)));
<span class="perl_DataType">byte</span>[] buffer = <span class="perl_Keyword">new</span> <span class="perl_DataType">byte</span>[<span class="perl_Float">4096</span>];
<span class="perl_DataType">int</span> count = socket.<span class="perl_Function">getInputStream</span>().<span class="perl_Function">read</span>(buffer);
System.<span class="perl_Function">out</span>.<span class="perl_Function">write</span>(buffer, <span class="perl_Float">0</span>, count);
-</pre></div></div><br class="example-break" /><div class="section" id="idm225470349680"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470349680">16.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /><div class="section" id="idm225356270576"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225356270576">17.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
Overriding certificate validation requires a custom trust manager. With OpenJDK 6, the trust manager lacks information about the TLS session, and to which server the connection is made. Certificate overrides have to be tied to specific servers (host names). Consequently, different <code class="literal">TrustManager</code> and <code class="literal">SSLContext</code> objects have to be used for different servers.
</div><div class="para">
- In the trust manager shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 16.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 16.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the trust manager shown in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 17.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 17.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> MyTrustManager <span class="perl_Keyword">implements</span> X509TrustManager {
<span class="perl_Keyword">private</span> <span class="perl_DataType">final</span> <span class="perl_DataType">byte</span>[] certHash;
@@ -2346,8 +2493,8 @@ System.<span class="perl_Function">out</span>.<span class="perl_Function">write<
}
}
</pre></div></div><br class="example-break" /><div class="para">
- This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 16.20, “Using a custom TLS trust manager with OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 16.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 17.20, “Using a custom TLS trust manager with OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 17.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSLContext ctx;
<span class="perl_Keyword">try</span> {
ctx = SSLContext.<span class="perl_Function">getInstance</span>(<span class="perl_String">"TLSv1.2"</span>, <span class="perl_String">"SunJSSE"</span>);
@@ -2368,13 +2515,13 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
When certificate overrides are in place, host name verification should not be performed because there is no security requirement that the host name in the certificate matches the host name used to establish the connection (and it often will not). However, without host name verification, it is not possible to perform transparent fallback to certification validation using the system certificate store.
</div><div class="para">
The approach described above works with OpenJDK 6 and later versions. Starting with OpenJDK 7, it is possible to use a custom subclass of the <code class="literal">javax.net.ssl.X509ExtendedTrustManager</code> class. The OpenJDK TLS implementation will call the new methods, passing along TLS session information. This can be used to implement certificate overrides as a fallback (if certificate or host name verification fails), and a trust manager object can be used for multiple servers because the server address is available to the trust manager.
- </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
The following code shows how to implement a simple TLS client using NSS. These instructions apply to NSS version 3.14 and later. Versions before 3.14 need different initialization code.
</div><div class="para">
Keep in mind that the error handling needs to be improved before the code can be used in production.
</div><div class="para">
- Using NSS needs several header files, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Includes">Example 16.21, “Include files for NSS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 16.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Using NSS needs several header files, as shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Includes">Example 17.21, “Include files for NSS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 17.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// NSPR include files</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Others">#include <prerror.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#include <prinit.h></span><span class="perl_Others"></span>
@@ -2390,10 +2537,10 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
<span class="perl_Comment"></span><span class="perl_Comment">// NSPR handle.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>NSPR_API(PRFileDesc*) PR_ImportTCPSocket(<span class="perl_DataType">int</span>);
</pre></div></div><br class="example-break" /><div class="para">
- Initializing the NSS library is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Init">Example 16.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
+ Initializing the NSS library is shown in <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Init">Example 17.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
</div><div class="para">
The simplest way to configured the trusted root certificates involves loading the <code class="filename">libnssckbi.so</code> NSS module with a call to the <code class="function">SECMOD_LoadUserModule</code> function. The root certificates are compiled into this module. (The PEM module for NSS, <code class="filename">libnsspem.so</code>, offers a way to load trusted CA certificates from a file.)
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 16.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 17.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
NSSInitContext *<span class="perl_DataType">const</span> ctx =
NSS_InitContext(<span class="perl_String">"sql:/etc/pki/nssdb"</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, NULL,
@@ -2457,12 +2604,12 @@ SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
SECMOD_DestroyModule(module);
NSS_ShutdownContext(ctx);
</pre></div><div class="para">
- After NSS has been initialized, the TLS connection can be created (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 16.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
+ After NSS has been initialized, the TLS connection can be created (<a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 17.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
</div><div class="para">
The call to <code class="function">SSL_BadCertHook</code> can be omitted if no mechanism to override certificate verification is needed. The <code class="literal">bad_certificate</code> function must check both the host name specified for the connection and the certificate before granting the override.
</div><div class="para">
Triggering the actual handshake requires three function calls, <code class="function">SSL_ResetHandshake</code>, <code class="function">SSL_SetURL</code>, and <code class="function">SSL_ForceHandshake</code>. (If <code class="function">SSL_ResetHandshake</code> is omitted, <code class="function">SSL_ForceHandshake</code> will succeed, but the data will not be encrypted.) During the handshake, the certificate is verified and matched against the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 16.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 17.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Wrap the POSIX file descriptor. This is an internal NSPR</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// function, but it is very unlikely to change.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);
@@ -2538,8 +2685,8 @@ sockfd = <span class="perl_DecVal">-1</span>; <span class="perl_Comment">// Has
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the connection has been established, <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Use">Example 16.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 16.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the connection has been established, <a class="xref" href="#ex-Defensive_Coding-TLS-NSS-Use">Example 17.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 17.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
PRInt32 ret = PR_Write(nspr, buf, strlen(buf));
@@ -2557,8 +2704,8 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 16.25, “Closing NSS client connections”</a> shows how to close the connection.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 16.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 17.25, “Closing NSS client connections”</a> shows how to close the connection.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 17.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Keyword">if</span> (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) {
<span class="perl_DataType">const</span> PRErrorCode err = PR_GetError();
@@ -2568,13 +2715,13 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
}
<span class="perl_Comment">// Closes the underlying POSIX file descriptor, too.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PR_Close(nspr);
-</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
- The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="#sect-Defensive_Coding-TLS-OpenSSL">Section 16.1.1, “OpenSSL Pitfalls”</a>.
+</pre></div></div><br class="example-break" /></div><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
+ The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="#sect-Defensive_Coding-TLS-OpenSSL">Section 17.1.1, “OpenSSL Pitfalls”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Currently, most Python function which accept <code class="literal">https://</code> URLs or otherwise implement HTTPS support do not perform certificate validation at all. (For example, this is true for the <code class="literal">httplib</code> and <code class="literal">xmlrpclib</code> modules.) If you use HTTPS, you should not use the built-in HTTP clients. The <code class="literal">Curl</code> class in the <code class="literal">curl</code> module, as provided by the <code class="literal">python-pycurl</code> package implements proper certificate validation.
</div></div></div><div class="para">
- The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 16.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 16.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 17.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 17.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">def</span> check_host_name<span class="perl_Char">(peercert</span>, name<span class="perl_Char">):</span>
<span class="perl_Comment">"""Simple certificate/host name checker. Returns True if the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment"> certificate matches, False otherwise. Does not support</span><span class="perl_Comment"></span>
@@ -2599,7 +2746,7 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
<span class="perl_Keyword">return</span> cn <span class="perl_Char">==</span> name
<span class="perl_Keyword">return</span> <span class="perl_Others">False</span>
</pre></div></div><br class="example-break" /><div class="para">
- To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 16.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
+ To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 17.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="literal">ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</code> selects relatively strong cipher suites with certificate-based authentication. (The call to <code class="function">check_host_name</code> function provides additional protection against anonymous cipher suites.)
</div></li><li class="listitem"><div class="para">
@@ -2610,7 +2757,7 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
<code class="literal">ca_certs='/etc/ssl/certs/ca-bundle.crt'</code> initializes the certificate store with a set of trusted root CAs. Unfortunately, it is necessary to hard-code this path into applications because the default path in OpenSSL is not available through the Python <code class="literal">ssl</code> module.
</div></li></ul></div><div class="para">
The <code class="literal">ssl</code> module (and OpenSSL) perform certificate validation, but the certificate must be compared manually against the host name, by calling the <code class="function">check_host_name</code> defined above.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 16.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 17.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock <span class="perl_Char">=</span> ssl.wrap_socket<span class="perl_Char">(sock</span>,
ciphers<span class="perl_Char">=</span><span class="perl_String">"HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</span>,
ssl_version<span class="perl_Char">=ssl</span>.PROTOCOL_TLSv1,
@@ -2629,7 +2776,10 @@ sock.write<span class="perl_Char">(</span><span class="perl_String">"GET / HTTP/
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock.close<span class="perl_Char">()</span>
</pre></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="appe-Defensive_Coding-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
- <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.3-1</td><td align="left">Mon Oct 13 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Go: Mention default value handling in deserialization</td></tr><tr><td>Shell: New chapter</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
<table border="0" summary="Simple list" class="simplelist"><tr><td>C: Corrected the <code class="function">strncat</code> example</td></tr><tr><td>C: Mention mixed signed/unsigned comparisons</td></tr><tr><td>C: Unsigned overflow checking example</td></tr><tr><td>C++: <code class="literal">operator new[]</code> has been fixed in GCC</td></tr><tr><td>C++: Additional material on <code class="literal">std::string</code>, iterators</td></tr><tr><td>OpenSSL: Mention <code class="command">openssl genrsa</code> entropy issue</td></tr><tr><td>Packaging: X.509 key generation</td></tr><tr><td>Go, Vala: Add short chapters</td></tr><tr><td>Serialization: Notes on fragmentation and reassembly</td></tr></table>
</td></tr><tr><td align="left">Revision 1.1-1</td><td align="left">Tue Aug 27 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html
index 184202e..adc3f9c 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/appe-Defensive_Coding-Revision_History.html
@@ -6,8 +6,11 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-Python.html" title="16.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div xml:lang="en-US" class="appendix" id="appe-Defensive_Cod
ing-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
- <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-Python.html" title="17.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div xml:lang="en-US" class="appendix" id="appe-Defensive_Cod
ing-Revision_History" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table summary="Revision History"><tr><th align="left" valign="top" colspan="3"><strong>Revision History</strong></th></tr><tr><td align="left">Revision 1.3-1</td><td align="left">Mon Oct 13 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
+ <table border="0" summary="Simple list" class="simplelist"><tr><td>Go: Mention default value handling in deserialization</td></tr><tr><td>Shell: New chapter</td></tr></table>
+
+ </td></tr><tr><td align="left">Revision 1.2-1</td><td align="left">Wed Jul 16 2014</td><td align="left"><span class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></span></td></tr><tr><td align="left" colspan="3">
<table border="0" summary="Simple list" class="simplelist"><tr><td>C: Corrected the <code class="function">strncat</code> example</td></tr><tr><td>C: Mention mixed signed/unsigned comparisons</td></tr><tr><td>C: Unsigned overflow checking example</td></tr><tr><td>C++: <code class="literal">operator new[]</code> has been fixed in GCC</td></tr><tr><td>C++: Additional material on <code class="literal">std::string</code>, iterators</td></tr><tr><td>OpenSSL: Mention <code class="command">openssl genrsa</code> entropy issue</td></tr><tr><td>Packaging: X.509 key generation</td></tr><tr><td>Go, Vala: Add short chapters</td></tr><tr><td>Serialization: Notes on fragmentation and reassembly</td></tr></table>
</td></tr><tr><td align="left">Revision 1.1-1</td><td align="left">Tue Aug 27 2013</td><td align="left"><span class="author"><span class="firstname">Eric</span> <span class="surname">Christensen</span></span></td></tr><tr><td align="left" colspan="3">
@@ -21,4 +24,4 @@
</td></tr></table></div>
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong>16.2.5. Implementing TLS Clients With Python</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Prev</strong>17.2.5. Implementing TLS Clients With Python</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
index 3609120..fac4ba9 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html
@@ -6,7 +6,7 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-Libc-strncat.html" title="1.2.3.4. strncat" /><link rel="next" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding
-C-Libc-strncat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s06.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225447873680"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225447873680">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="sect-Defensive_Coding-C-Libc-strncat.html" title="1.2.3.4. strncat" /><link rel="next" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding
-C-Libc-strncat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s06.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225459043024"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225459043024">1.2.3.5. <code class="function">strlcpy</code> and <code class="function">strlcat</code></h4></div></div></div><div class="para">
Some systems support <code class="function">strlcpy</code> and <code class="function">strlcat</code> functions which behave this way, but these functions are not part of GNU libc. <code class="function">strlcpy</code> is often replaced with <code class="function">snprintf</code> with a <code class="literal">"%s"</code> format string. See <a class="xref" href="sect-Defensive_Coding-C-Libc-strncpy.html">Section 1.2.3.3, “<code class="function">strncpy</code>”</a> for a caveat related to the <code class="function">snprintf</code> return value.
</div><div class="para">
To emulate <code class="function">strlcat</code>, use the approach described in <a class="xref" href="sect-Defensive_Coding-C-Libc-strncat.html">Section 1.2.3.4, “<code class="function">strncat</code>”</a>.
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
index e64e0f3..00154eb 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s06.html
@@ -6,6 +6,6 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s05.html" title="1.2.3.5. strlcpy and strlcat" /><link rel="next" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225470258240"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225470258240">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s05.html" title="1.2.3.5. strlcpy and strlcat" /><link rel="next" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225454061776"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225454061776">1.2.3.6. ISO C11 Annex K *<code class="function">_s</code> functions</h4></div></div></div><div class="para">
ISO C11 adds another set of length-checking functions, but GNU libc currently does not implement them.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s05.html"><strong>Prev</strong>1.2.3.5. strlcpy and strlcat</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch01s02s03s07.html"><strong>Next</strong>1.2.3.7. Other strn* and stpn* functions</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
index eda5d10..3426b55 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s07.html
@@ -6,6 +6,6 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225487029024"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225487029024">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-String-Functions-Length.html" title="1.2.3. String Functions With Explicit Length Arguments" /><link rel="prev" href="ch01s02s03s06.html" title="1.2.3.6. ISO C11 Annex K *_s functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225448205968"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225448205968">1.2.3.7. Other <code class="function">strn</code>* and <code class="function">stpn</code>* functions</h4></div></div></div><div class="para">
GNU libc contains additional functions with different variants of length checking. Consult the documentation before using them to find out what the length actually means.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s06.html"><strong>Prev</strong>1.2.3.6. ISO C11 Annex K *_s functions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators.html"><strong>Next</strong>1.3. Memory allocators</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
index 57a1f70..d9db06d 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s03s05.html
@@ -6,7 +6,7 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-Custom.html" title="1.3.4. Custom memory allocators" /><link rel="next" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Custom
.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225451423808"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451423808">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-C-Allocators.html" title="1.3. Memory allocators" /><link rel="prev" href="sect-Defensive_Coding-C-Allocators-Custom.html" title="1.3.4. Custom memory allocators" /><link rel="next" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Allocators-Custom
.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225447887344"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225447887344">1.3.5. Conservative garbage collection</h3></div></div></div><div class="para">
Garbage collection can be an alternative to explicit memory management using <code class="function">malloc</code> and <code class="function">free</code>. The Boehm-Dehmers-Weiser allocator can be used from C programs, with minimal type annotations. Performance is competitive with <code class="function">malloc</code> on 64-bit architectures, especially for multi-threaded programs. The stop-the-world pauses may be problematic for some real-time applications, though.
</div><div class="para">
However, using a conservative garbage collector may reduce opertunities for code reduce because once one library in a program uses garbage collection, the whole process memory needs to be subject to it, so that no pointers are missed. The Boehm-Dehmers-Weiser collector also reserves certain signals for internal use, so it is not fully transparent to the rest of the program.
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
index 76b0e79..9928723 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s02.html
@@ -6,7 +6,7 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="next" href="ch04s03.html" title="4.3. Sandboxing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Python.html"><strong>Prev</strong></a><
/li><li class="next"><a accesskey="n" href="ch04s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225449752960"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225449752960">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="next" href="ch04s03.html" title="4.3. Sandboxing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Python.html"><strong>Prev</strong></a><
/li><li class="next"><a accesskey="n" href="ch04s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225463114592"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225463114592">4.2. Run-time compilation and code generation</h2></div></div></div><div class="para">
The following Python functions and statements related to code execution should be avoided:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">compile</code>
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
index 1e40867..fe60cc3 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch04s03.html
@@ -6,6 +6,6 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /><link rel="next" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong></a>
</li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225460781632"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225460781632">4.3. Sandboxing</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Python.html" title="Chapter 4. The Python Programming Language" /><link rel="prev" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /><link rel="next" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong></
a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Shell.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225452441888"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225452441888">4.3. Sandboxing</h2></div></div></div><div class="para">
The <code class="literal">rexec</code> Python module cannot safely sandbox untrusted code and should not be used. The standard CPython implementation is not suitable for sandboxing.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong>4.2. Run-time compilation and code generation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong>Chapter 5. The Go Programming Language</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s02.html"><strong>Prev</strong>4.2. Run-time compilation and code generation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Shell.html"><strong>Next</strong>Chapter 5. Shell Programming and bash</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s02.html
index abb6e31..d166180 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s02.html
@@ -1,17 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Named temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US--" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Object orientation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 8. Temporary files" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 8. Temporary files" /><link rel="next" href="ch08s03.html" title="8.3. Temporary files without names" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Files.
html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch08s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm217625929008"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm217625929008">8.2. Named temporary files</h2></div></div></div><div class="para">
- The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 8. Library Design" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 8. Library Design" /><link rel="next" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html" title="8.3. Callbacks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-T
asks-Library_Design.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225464076048"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225464076048">8.2. Object orientation</h2></div></div></div><div class="para">
+ Classes should be either designed as base classes, or it should be impossible to use them as base classes (like <code class="literal">final</code> classes in Java). Classes which are not designed for inheritance and are used as base classes nevertheless create potential maintenance hazards because it is difficult to predict how client code will react when calls to virtual methods are added, reordered or removed.
</div><div class="para">
- The file is not removed automatically. It is not safe to rename or delete the file before processing, or transform the name in any way (for example, by adding a file extension). If you need multiple temporary files, call <code class="function">mkostemp</code> multiple times. Do not create additional file names derived from the name provided by a previous <code class="function">mkostemp</code> call. However, it is safe to close the descriptor returned by <code class="function">mkostemp</code> and reopen the file using the generated name.
- </div><div class="para">
- The Python class <code class="literal">tempfile.NamedTemporaryFile</code> provides similar functionality, except that the file is deleted automatically by default. Note that you may have to use the <code class="literal">file</code> attribute to obtain the actual file object because some programming interfaces cannot deal with file-like objects. The C function <code class="function">mkostemp</code> is also available as <code class="function">tempfile.mkstemp</code>.
- </div><div class="para">
- In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 8.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Prev</strong>Chapter 8. Temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch08s03.html"><strong>Next</strong>8.3. Temporary files without names</a></li></ul></body></html>
\ No newline at end of file
+ Virtual member functions can be used as callbacks. See <a class="xref" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">Section 8.3, “Callbacks”</a> for some of the challenges involved.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Prev</strong>Chapter 8. Library Design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Next</strong>8.3. Callbacks</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s04.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s04.html
new file mode 100644
index 0000000..5c275f2
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch08s04.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Process attributes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 8. Library Design" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html" title="8.3. Callbacks" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 9. File Descriptor Management" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-Tasks-Library_Design-Callbacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225436870032"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225436870032">8.4. Process attributes</h2></div></div></div><div class="para">
+ Several attributes are global and affect all code in the process, not just the library that manipulates them.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ environment variables (see <a class="xref" href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>)
+ </div></li><li class="listitem"><div class="para">
+ umask
+ </div></li><li class="listitem"><div class="para">
+ user IDs, group IDs and capabilities
+ </div></li><li class="listitem"><div class="para">
+ current working directory
+ </div></li><li class="listitem"><div class="para">
+ signal handlers, signal masks and signal delivery
+ </div></li><li class="listitem"><div class="para">
+ file locks (especially <code class="function">fcntl</code> locks behave in surprising ways, not just in a multi-threaded environment)
+ </div></li></ul></div><div class="para">
+ Library code should avoid manipulating these global process attributes. It should not rely on environment variables, umask, the current working directory and signal masks because these attributes can be inherted from an untrusted source.
+ </div><div class="para">
+ In addition, there are obvious process-wide aspects such as the virtual memory layout, the set of open files and dynamic shared objects, but with the exception of shared objects, these can be manipulated in a relatively isolated way.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html"><strong>Prev</strong>8.3. Callbacks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Next</strong>Chapter 9. File Descriptor Management</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
index 2873e98..a7340d7 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s02.html
@@ -1,21 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Handling child process termination</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. Named temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="next" href="ch11s03.html" title="11.3. SUID/SGID processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong></a></li><
li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225473202752"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225473202752">11.2. Handling child process termination</h2></div></div></div><div class="para">
- When child processes terminate, the parent process is signalled. A stub of the terminated processes (a <span class="emphasis"><em>zombie</em></span>, shown as <code class="literal"><defunct></code> by <span class="application"><strong>ps</strong></span>) is kept around until the status information is collected (<span class="emphasis"><em>reaped</em></span>) by the parent process. Over the years, several interfaces for this have been invented:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The parent process calls <code class="function">wait</code>, <code class="function">waitpid</code>, <code class="function">waitid</code>, <code class="function">wait3</code> or <code class="function">wait4</code>, without specifying a process ID. This will deliver any matching process ID. This approach is typically used from within event loops.
- </div></li><li class="listitem"><div class="para">
- The parent process calls <code class="function">waitpid</code>, <code class="function">waitid</code>, or <code class="function">wait4</code>, with a specific process ID. Only data for the specific process ID is returned. This is typically used in code which spawns a single subprocess in a synchronous manner.
- </div></li><li class="listitem"><div class="para">
- The parent process installs a handler for the <code class="literal">SIGCHLD</code> signal, using <code class="function">sigaction</code>, and specifies to the <code class="literal">SA_NOCLDWAIT</code> flag. This approach could be used by event loops as well.
- </div></li></ul></div><div class="para">
- None of these approaches can be used to wait for child process terminated in a completely thread-safe manner. The parent process might execute an event loop in another thread, which could pick up the termination signal. This means that libraries typically cannot make free use of child processes (for example, to run problematic code with reduced privileges in a separate address space).
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /><link rel="next" href="ch11s03.html" title="11.3. Temporary files without names" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Fil
es.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225436863712"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225436863712">11.2. Named temporary files</h2></div></div></div><div class="para">
+ The <code class="function">mkostemp</code> function creates a named temporary file. You should specify the <code class="literal">O_CLOEXEC</code> flag to avoid file descriptor leaks to subprocesses. (Applications which do not use multiple threads can also use <code class="function">mkstemp</code>, but libraries should use <code class="function">mkostemp</code>.) For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>.
</div><div class="para">
- At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitid</code>, and hope that the status is not collected by an event loop first.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong>Chapter 11. Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong>11.3. SUID/SGID processes</a></li></ul></body></html>
\ No newline at end of file
+ The file is not removed automatically. It is not safe to rename or delete the file before processing, or transform the name in any way (for example, by adding a file extension). If you need multiple temporary files, call <code class="function">mkostemp</code> multiple times. Do not create additional file names derived from the name provided by a previous <code class="function">mkostemp</code> call. However, it is safe to close the descriptor returned by <code class="function">mkostemp</code> and reopen the file using the generated name.
+ </div><div class="para">
+ The Python class <code class="literal">tempfile.NamedTemporaryFile</code> provides similar functionality, except that the file is deleted automatically by default. Note that you may have to use the <code class="literal">file</code> attribute to obtain the actual file object because some programming interfaces cannot deal with file-like objects. The C function <code class="function">mkostemp</code> is also available as <code class="function">tempfile.mkstemp</code>.
+ </div><div class="para">
+ In Java, you can use the <code class="function">java.io.File.createTempFile(String, String, File)</code> function, using the temporary file location determined according to <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>. Do not use <code class="function">java.io.File.deleteOnExit()</code> to delete temporary files, and do not register a shutdown hook for each temporary file you create. In both cases, the deletion hint cannot be removed from the system if you delete the temporary file prior to termination of the VM, causing a memory leak.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Prev</strong>Chapter 11. Temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s03.html"><strong>Next</strong>11.3. Temporary files without names</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html
index dc53a24..5977608 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s03.html
@@ -1,41 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. SUID/SGID processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. Temporary files without names</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s02.html" title="11.2. Handling child process termination" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="11.4. Daemons" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong></a></li><li class="next">
<a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225439706160"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225439706160">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
- Programs can be marked in the file system to indicate to the kernel that a trust transition should happen if the program is run. The <code class="literal">SUID</code> file permission bit indicates that an executable should run with the effective user ID equal to the owner of the executable file. Similarly, with the <code class="literal">SGID</code> bit, the effective group ID is set to the group of the executable file.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /><link rel="prev" href="ch11s02.html" title="11.2. Named temporary files" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html" title="11.4. Temporary directories" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong></a></li><l
i class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225455551008"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225455551008">11.3. Temporary files without names</h2></div></div></div><div class="para">
+ The <code class="function">tmpfile</code> function creates a temporary file and immediately deletes it, while keeping the file open. As a result, the file lacks a name and its space is deallocated as soon as the file descriptor is closed (including the implicit close when the process terminates). This avoids cluttering the temporary directory with orphaned files.
</div><div class="para">
- Linux supports <span class="emphasis"><em>fscaps</em></span>, which can grant additional capabilities to a process in a finer-grained manner. Additional mechanisms can be provided by loadable security modules.
+ Alternatively, if the maximum size of the temporary file is known beforehand, the <code class="function">fmemopen</code> function can be used to create a <code class="literal">FILE *</code> object which is backed by memory.
</div><div class="para">
- When such a trust transition has happened, the process runs in a potentially hostile environment. Additional care is necessary not to rely on any untrusted information. These concerns also apply to libraries which can be linked into such processes.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.3.1. Accessing environment variables</h3></div></div></div><div class="para">
- The following steps are required so that a program does not accidentally pick up untrusted data from environment variables.
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Compile your C/C++ sources with <code class="literal">-D_GNU_SOURCE</code>. The Autoconf macro <code class="literal">AC_GNU_SOURCE</code> ensures this.
- </div></li><li class="listitem"><div class="para">
- Check for the presence of the <code class="function">secure_getenv</code> and <code class="function">__secure_getenv</code> function. The Autoconf directive <code class="literal">AC_CHECK_FUNCS([__secure_getenv secure_getenv])</code> performs these checks.
- </div></li><li class="listitem"><div class="para">
- Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="ch11s03.html#ex-Defensive_Coding-Tasks-secure_getenv">Example 11.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
- </div></li><li class="listitem"><div class="para">
- Use <code class="function">secure_getenv</code> instead of <code class="function">getenv</code> to obtain the value of critical environment variables. <code class="function">secure_getenv</code> will pretend the variable has not bee set if the process environment is not trusted.
- </div></li></ul></div><div class="para">
- Critical environment variables are debugging flags, configuration file locations, plug-in and log file locations, and anything else that might be used to bypass security restrictions or cause a privileged process to behave in an unexpected way.
- </div><div class="para">
- Either the <code class="function">secure_getenv</code> function or the <code class="function">__secure_getenv</code> is available from GNU libc.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 11.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
-
-<span class="perl_Others">#include <stdlib.h></span><span class="perl_Others"></span>
-<span class="perl_Others"></span>
-<span class="perl_Others">#ifndef HAVE_SECURE_GETENV</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others"># ifdef HAVE__SECURE_GETENV</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others"># define secure_getenv __secure_getenv</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others"># else</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others"># error neither secure_getenv nor __secure_getenv are available</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others"># endif</span><span class="perl_Others"></span>
-<span class="perl_Others"></span><span class="perl_Others">#endif</span><span class="perl_Others"></span>
-<span class="perl_Others"></span>
-</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong>11.2. Handling child process termination</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong>11.4. Daemons</a></li></ul></body></html>
\ No newline at end of file
+ In Python, unnamed temporary files are provided by the <code class="literal">tempfile.TemporaryFile</code> class, and the <code class="literal">tempfile.SpooledTemporaryFile</code> class provides a way to avoid creation of small temporary files.
+ </div><div class="para">
+ Java does not support unnamed temporary files.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s02.html"><strong>Prev</strong>11.2. Named temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Next</strong>11.4. Temporary directories</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html
index 0443834..87836bb 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch11s05.html
@@ -1,15 +1,23 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.5. Semantics of command line arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.5. Compensating for unsafe file creation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="11.4. Daemons" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="11.6. fork as a primitive for parallelism" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_C
oding-Tasks-Processes-Daemons.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225471110432"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471110432">11.5. Semantics of command line arguments</h2></div></div></div><div class="para">
- After process creation and option processing, it is up to the child process to interpret the arguments. Arguments can be file names, host names, or URLs, and many other things. URLs can refer to the local network, some server on the Internet, or to the local file system. Some applications even accept arbitrary code in arguments (for example, <span class="application"><strong>python</strong></span> with the <code class="option">-c</code> option).
- </div><div class="para">
- Similar concerns apply to environment variables, the contents of the current directory and its subdirectories.
- </div><div class="para">
- Consequently, careful analysis is required if it is safe to pass untrusted data to another program.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Prev</strong>11.4. Daemons</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong>11.6. fork as a primitive for parallelism</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html" title="11.4. Temporary directories" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding
-Tasks-Temporary_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225456535232"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225456535232">11.5. Compensating for unsafe file creation</h2></div></div></div><div class="para">
+ There are two ways to make a function or program which excepts a file name safe for use with temporary files. See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a>, for details on subprocess creation.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Create a temporary directory and place the file there. If possible, run the program in a subprocess which uses the temporary directory as its current directory, with a restricted environment. Use generated names for all files in that temporary directory. (See <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">Section 11.4, “Temporary directories”</a>.)
+ </div></li><li class="listitem"><div class="para">
+ Create the temporary file and pass the generated file name to the function or program. This only works if the function or program can cope with a zero-length existing file. It is safe only under additional assumptions:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The function or program must not create additional files whose name is derived from the specified file name or are otherwise predictable.
+ </div></li><li class="listitem"><div class="para">
+ The function or program must not delete the file before processing it.
+ </div></li><li class="listitem"><div class="para">
+ It must not access any existing files in the same directory.
+ </div></li></ul></div><div class="para">
+ It is often difficult to check whether these additional assumptions are matched, therefore this approach is not recommended.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Temporary_Directory.html"><strong>Prev</strong>11.4. Temporary directories</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Next</strong>Chapter 12. Processes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html
index 4d2bb80..e647d1e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s02.html
@@ -1,13 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Protocol design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Handling child process termination</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html" title="12.3. Fragmentation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225471012320"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225471012320">12.2. Protocol design</h2></div></div></div><div class="para">
- Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="next" href="ch12s03.html" title="12.3. SUID/SGID processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong></a></li><
li class="next"><a accesskey="n" href="ch12s03.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225444117952"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225444117952">12.2. Handling child process termination</h2></div></div></div><div class="para">
+ When child processes terminate, the parent process is signalled. A stub of the terminated processes (a <span class="emphasis"><em>zombie</em></span>, shown as <code class="literal"><defunct></code> by <span class="application"><strong>ps</strong></span>) is kept around until the status information is collected (<span class="emphasis"><em>reaped</em></span>) by the parent process. Over the years, several interfaces for this have been invented:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The parent process calls <code class="function">wait</code>, <code class="function">waitpid</code>, <code class="function">waitid</code>, <code class="function">wait3</code> or <code class="function">wait4</code>, without specifying a process ID. This will deliver any matching process ID. This approach is typically used from within event loops.
+ </div></li><li class="listitem"><div class="para">
+ The parent process calls <code class="function">waitpid</code>, <code class="function">waitid</code>, or <code class="function">wait4</code>, with a specific process ID. Only data for the specific process ID is returned. This is typically used in code which spawns a single subprocess in a synchronous manner.
+ </div></li><li class="listitem"><div class="para">
+ The parent process installs a handler for the <code class="literal">SIGCHLD</code> signal, using <code class="function">sigaction</code>, and specifies to the <code class="literal">SA_NOCLDWAIT</code> flag. This approach could be used by event loops as well.
+ </div></li></ul></div><div class="para">
+ None of these approaches can be used to wait for child process terminated in a completely thread-safe manner. The parent process might execute an event loop in another thread, which could pick up the termination signal. This means that libraries typically cannot make free use of child processes (for example, to run problematic code with reduced privileges in a separate address space).
</div><div class="para">
- In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">Section 12.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong>Chapter 12. Serialization and Deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong>12.3. Fragmentation</a></li></ul></body></html>
\ No newline at end of file
+ At the moment, the parent process should explicitly wait for termination of the child process using <code class="function">waitpid</code> or <code class="function">waitid</code>, and hope that the status is not collected by an event loop first.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes.html"><strong>Prev</strong>Chapter 12. Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s03.html"><strong>Next</strong>12.3. SUID/SGID processes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s03.html
new file mode 100644
index 0000000..1286b2d
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s03.html
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. SUID/SGID processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="prev" href="ch12s02.html" title="12.2. Handling child process termination" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="12.4. Daemons" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong></a></li><li class="next">
<a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225451445136"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225451445136">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</h2></div></div></div><div class="para">
+ Programs can be marked in the file system to indicate to the kernel that a trust transition should happen if the program is run. The <code class="literal">SUID</code> file permission bit indicates that an executable should run with the effective user ID equal to the owner of the executable file. Similarly, with the <code class="literal">SGID</code> bit, the effective group ID is set to the group of the executable file.
+ </div><div class="para">
+ Linux supports <span class="emphasis"><em>fscaps</em></span>, which can grant additional capabilities to a process in a finer-grained manner. Additional mechanisms can be provided by loadable security modules.
+ </div><div class="para">
+ When such a trust transition has happened, the process runs in a potentially hostile environment. Additional care is necessary not to rely on any untrusted information. These concerns also apply to libraries which can be linked into such processes.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-secure_getenv"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Accessing environment variables</h3></div></div></div><div class="para">
+ The following steps are required so that a program does not accidentally pick up untrusted data from environment variables.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Compile your C/C++ sources with <code class="literal">-D_GNU_SOURCE</code>. The Autoconf macro <code class="literal">AC_GNU_SOURCE</code> ensures this.
+ </div></li><li class="listitem"><div class="para">
+ Check for the presence of the <code class="function">secure_getenv</code> and <code class="function">__secure_getenv</code> function. The Autoconf directive <code class="literal">AC_CHECK_FUNCS([__secure_getenv secure_getenv])</code> performs these checks.
+ </div></li><li class="listitem"><div class="para">
+ Arrange for a proper definition of the <code class="function">secure_getenv</code> function. See <a class="xref" href="ch12s03.html#ex-Defensive_Coding-Tasks-secure_getenv">Example 12.1, “Obtaining a definition for <code class="function">secure_getenv</code>”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Use <code class="function">secure_getenv</code> instead of <code class="function">getenv</code> to obtain the value of critical environment variables. <code class="function">secure_getenv</code> will pretend the variable has not bee set if the process environment is not trusted.
+ </div></li></ul></div><div class="para">
+ Critical environment variables are debugging flags, configuration file locations, plug-in and log file locations, and anything else that might be used to bypass security restrictions or cause a privileged process to behave in an unexpected way.
+ </div><div class="para">
+ Either the <code class="function">secure_getenv</code> function or the <code class="function">__secure_getenv</code> is available from GNU libc.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-secure_getenv"><h6>Example 12.1. Obtaining a definition for <code class="function">secure_getenv</code></h6><div class="example-contents"><pre class="programlisting">
+
+<span class="perl_Others">#include <stdlib.h></span><span class="perl_Others"></span>
+<span class="perl_Others"></span>
+<span class="perl_Others">#ifndef HAVE_SECURE_GETENV</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># ifdef HAVE__SECURE_GETENV</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># define secure_getenv __secure_getenv</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># else</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># error neither secure_getenv nor __secure_getenv are available</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others"># endif</span><span class="perl_Others"></span>
+<span class="perl_Others"></span><span class="perl_Others">#endif</span><span class="perl_Others"></span>
+<span class="perl_Others"></span>
+</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong>12.2. Handling child process termination</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Next</strong>12.4. Daemons</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s05.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s05.html
new file mode 100644
index 0000000..6464d71
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch12s05.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5. Semantics of command line arguments</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html" title="12.4. Daemons" /><link rel="next" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="12.6. fork as a primitive for parallelism" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_C
oding-Tasks-Processes-Daemons.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225445243312"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225445243312">12.5. Semantics of command line arguments</h2></div></div></div><div class="para">
+ After process creation and option processing, it is up to the child process to interpret the arguments. Arguments can be file names, host names, or URLs, and many other things. URLs can refer to the local network, some server on the Internet, or to the local file system. Some applications even accept arbitrary code in arguments (for example, <span class="application"><strong>python</strong></span> with the <code class="option">-c</code> option).
+ </div><div class="para">
+ Similar concerns apply to environment variables, the contents of the current directory and its subdirectories.
+ </div><div class="para">
+ Consequently, careful analysis is required if it is safe to pass untrusted data to another program.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Daemons.html"><strong>Prev</strong>12.4. Daemons</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Next</strong>12.6. fork as a primitive for parallelism</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html
index ebbe1e4..d4535ea 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s02.html
@@ -1,31 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Randomness</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Protocol design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 13. Cryptography" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 13. Cryptography" /><link rel="next" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryp
tography.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225461877616"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225461877616">13.2. Randomness</h2></div></div></div><div class="para">
- The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <code class="function">RAND_bytes</code> in the OpenSSL library (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <code class="function">gnutls_rnd</code> in GNUTLS, with <code class="literal">GNUTLS_RND_RANDOM</code> as the first argument (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <span class="type">java.security.SecureRandom</span> in Java (usable for high data rates)
- </div></li><li class="listitem"><div class="para">
- <code class="function">os.urandom</code> in Python
- </div></li><li class="listitem"><div class="para">
- Reading from the <code class="filename">/dev/urandom</code> character device
- </div></li></ul></div><div class="para">
- All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <span class="type">java.security.SecureRandom</span> to block, however.) Those functions which do not obtain all bits directly from <code class="filename">/dev/urandom</code> are suitable for high data rates because they do not deplete the system-wide entropy pool.
- </div><div class="important"><div class="admonition_header"><h2>Difficult to use API</h2></div><div class="admonition"><div class="para">
- Both <code class="function">RAND_bytes</code> and <code class="function">PK11_GenerateRandom</code> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions.
- </div></div></div><div class="para">
- Other sources of randomness should be considered predictable.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html" title="13.3. Fragmentation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225451913088"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225451913088">13.2. Protocol design</h2></div></div></div><div class="para">
+ Binary formats with explicit length fields are more difficult to parse robustly than those where the length of dynamically-sized elements is derived from sentinel values. A protocol which does not use length fields and can be written in printable ASCII characters simplifies testing and debugging. However, binary protocols with length fields may be more efficient to parse.
</div><div class="para">
- Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Prev</strong>Chapter 13. Cryptography</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong>Chapter 14. RPM packaging</a></li></ul></body></html>
\ No newline at end of file
+ In new datagram-oriented protocols, unique numbers such as sequence numbers or identifiers for fragment reassembly (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">Section 13.3, “Fragmentation”</a>) should be at least 64 bits large, and really should not be smaller than 32 bits in size. Protocols should not permit fragments with overlapping contents.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Prev</strong>Chapter 13. Serialization and Deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Next</strong>13.3. Fragmentation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s04.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s04.html
new file mode 100644
index 0000000..325c26d
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s04.html
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.4. Library support for deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html" title="13.3. Fragmentation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225486500448"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225486500448">13.4. Library support for deserialization</h2></div></div></div><div class="para">
+ For some languages, generic libraries are available which allow to serialize and deserialize user-defined objects. The deserialization part comes in one of two flavors, depending on the library. The first kind uses type information in the data stream to control which objects are instantiated. The second kind uses type definitions supplied by the programmer. The first one allows arbitrary object instantiation, the second one generally does not.
+ </div><div class="para">
+ The following serialization frameworks are in the first category, are known to be unsafe, and must not be used for untrusted data:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Python's <span class="package">pickle</span> and <span class="package">cPickle</span> modules, and wrappers such as <span class="package">shelve</span>
+ </div></li><li class="listitem"><div class="para">
+ Perl's <span class="package">Storable</span> package
+ </div></li><li class="listitem"><div class="para">
+ Java serialization (<span class="type">java.io.ObjectInputStream</span>), even if encoded in other formats (as with <span class="type">java.beans.XMLDecoder</span>)
+ </div></li><li class="listitem"><div class="para">
+ PHP serialization (<code class="function">unserialize</code>)
+ </div></li><li class="listitem"><div class="para">
+ Most implementations of YAML
+ </div></li></ul></div><div class="para">
+ When using a type-directed deserialization format where the types of the deserialized objects are specified by the programmer, make sure that the objects which can be instantiated cannot perform any destructive actions in their destructors, even when the data members have been manipulated.
+ </div><div class="para">
+ In general, JSON decoders do not suffer from this problem. But you must not use the <code class="function">eval</code> function to parse JSON objects in Javascript; even with the regular expression filter from RFC 4627, there are still information leaks remaining. JSON-based formats can still turn out risky if they serve as an encoding form for any if the serialization frameworks listed above.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html"><strong>Prev</strong>13.3. Fragmentation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Next</strong>13.5. XML serialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s06.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s06.html
new file mode 100644
index 0000000..5896f3e
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch13s06.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.6. Protocol Encoders</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="13.5.7.3. Other XML parsers in OpenJDK" /><link rel="next" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 14. Cryptography" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="pre
vious"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225439709792"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225439709792">13.6. Protocol Encoders</h2></div></div></div><div class="para">
+ For protocol encoders, you should write bytes to a buffer which grows as needed, using an exponential sizing policy. Explicit lengths can be patched in later, once they are known. Allocating the required number of bytes upfront typically requires separate code to compute the final size, which must be kept in sync with the actual encoding step, or vulnerabilities may result. In multi-threaded code, parts of the object being deserialized might change, so that the computed size is out of date.
+ </div><div class="para">
+ You should avoid copying data directly from a received packet during encoding, disregarding the format. Propagating malformed data could enable attacks on other recipients of that data.
+ </div><div class="para">
+ When using C or C++ and copying whole data structures directly into the output, make sure that you do not leak information in padding bytes between fields or at the end of the <code class="literal">struct</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Prev</strong>13.5.7.3. Other XML parsers in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Next</strong>Chapter 14. Cryptography</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch14s02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch14s02.html
new file mode 100644
index 0000000..8bc11eb
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch14s02.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Randomness</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 14. Cryptography" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Cryptography.html" title="Chapter 14. Cryptography" /><link rel="next" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 15. RPM packaging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryp
tography.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong></a></li></ul><div class="section" id="idm225440695392"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440695392">14.2. Randomness</h2></div></div></div><div class="para">
+ The following facilities can be used to generate unpredictable and non-repeating values. When these functions are used without special safeguards, each individual random value should be at least 12 bytes long.
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <code class="function">PK11_GenerateRandom</code> in the NSS library (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">RAND_bytes</code> in the OpenSSL library (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">gnutls_rnd</code> in GNUTLS, with <code class="literal">GNUTLS_RND_RANDOM</code> as the first argument (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <span class="type">java.security.SecureRandom</span> in Java (usable for high data rates)
+ </div></li><li class="listitem"><div class="para">
+ <code class="function">os.urandom</code> in Python
+ </div></li><li class="listitem"><div class="para">
+ Reading from the <code class="filename">/dev/urandom</code> character device
+ </div></li></ul></div><div class="para">
+ All these functions should be non-blocking, and they should not wait until physical randomness becomes available. (Some cryptography providers for Java can cause <span class="type">java.security.SecureRandom</span> to block, however.) Those functions which do not obtain all bits directly from <code class="filename">/dev/urandom</code> are suitable for high data rates because they do not deplete the system-wide entropy pool.
+ </div><div class="important"><div class="admonition_header"><h2>Difficult to use API</h2></div><div class="admonition"><div class="para">
+ Both <code class="function">RAND_bytes</code> and <code class="function">PK11_GenerateRandom</code> have three-state return values (with conflicting meanings). Careful error checking is required. Please review the documentation when using these functions.
+ </div></div></div><div class="para">
+ Other sources of randomness should be considered predictable.
+ </div><div class="para">
+ Generating randomness for cryptographic keys in long-term use may need different steps and is best left to cryptographic libraries.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Cryptography.html"><strong>Prev</strong>Chapter 14. Cryptography</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Next</strong>Chapter 15. RPM packaging</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
index 254ab47..f35bafb 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Authentication.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 15. Authentication and Authorization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 16. Authentication and Authorization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="next" href="sect-Defensive_Coding-Authentication-Host_based.html" title="15.2. Host-based authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong></a></li><li class="next"
><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div>
<div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Authenticating servers</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="next" href="sect-Defensive_Coding-Authentication-Host_based.html" title="16.2. Host-based authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong></a></li><li class="next"
><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Authentication and Authorization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">16.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">16.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></div>
<div class="section" id="sect-Defensive_Coding-Authentication-Server"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Authenticating servers</h2></div></div></div><div class="para">
When connecting to a server, a client has to make sure that it is actually talking to the server it expects. There are two different aspects, securing the network path, and making sure that the expected user runs the process on the target host. There are several ways to ensure that:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The server uses a TLS certificate which is valid according to the web browser public key infrastructure, and the client verifies the certificate and the host name.
@@ -17,7 +17,7 @@
</div></li><li class="listitem"><div class="para">
Port numbers less than 1024 (<span class="emphasis"><em>trusted ports</em></span>) can only be used by <code class="literal">root</code>, so if a UDP or TCP server is running on the local host and it uses a trusted port, its identity is assured. (Not all operating systems enforce the trusted ports concept, and the network might not be trusted, so it is only useful on the local system.)
</div></li></ul></div><div class="para">
- TLS (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 16, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
+ TLS (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 17, <em>Transport Layer Security</em></a>) is the recommended way for securing connections over untrusted networks.
</div><div class="para">
If the server port number is 1024 is higher, a local user can impersonate the process by binding to this socket, perhaps after crashing the real server by exploiting a denial-of-service vulnerability.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong>Part III. Implementing Security Features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong>15.2. Host-based authentication</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt03.html"><strong>Prev</strong>Part III. Implementing Security Features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Next</strong>16.2. Host-based authentication</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
index 68f7426..9369316 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-C.html
@@ -6,7 +6,7 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="pt01.html" title="Part I. Programming Languages" /><link rel="next" href="sect-Defensive_Coding-C-Libc.html" title="1.2. The C standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt01.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding
-C-Libc.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.
4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1
.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><d
iv class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="pt01.html" title="Part I. Programming Languages" /><link rel="next" href="sect-Defensive_Coding-C-Libc.html" title="1.2. The C standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt01.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding
-C-Libc.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-C" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. The C Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.
4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225431847616">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1
.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Language" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.1. The core language</h2></div></div></div><d
iv class="para">
C provides no memory safety. Most recommendations in this section deal with this aspect of the language.
</div><div class="section" id="sect-Defensive_Coding-C-Undefined"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">1.1.1. Undefined behavior</h3></div></div></div><div class="para">
Some C constructs are defined to be undefined by the C standard. This does not only mean that the standard does not describe what happens when the construct is executed. It also allows optimizing compilers such as GCC to assume that this particular construct is never reached. In some cases, this has caused GCC to optimize security checks away. (This is not a flaw in GCC or the C language. But C certainly has some areas which are more difficult to use than others.)
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
index 20de6a3..3cb1ed7 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-CXX.html
@@ -6,21 +6,21 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /><link rel="next" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Other.html"><strong>Prev</strong></a></li><li class="
next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html
#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.withi
n-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-C-Other.html" title="1.4. Other C-related topics" /><link rel="next" href="sect-Defensive_Coding-CXX-Std.html" title="2.2. The C++ standard library" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Other.html"><strong>Prev</strong></a></li><li class="
next"><a accesskey="n" href="sect-Defensive_Coding-CXX-Std.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-CXX" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. The C++ Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463017408">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463015536">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463018768">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html
#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-CXX-Language" lang="en-US"><div class="titlepage"><div><div keep-together.withi
n-column="always"><h2 class="title">2.1. The core language</h2></div></div></div><div class="para">
C++ includes a large subset of the C language. As far as the C subset is used, the recommendations in <a class="xref" href="chap-Defensive_Coding-C.html">Chapter 1, <em>The C Programming Language</em></a> apply.
- </div><div class="section" id="idm225451562352"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225463017408"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225463017408">2.1.1. Array allocation with <code class="literal">operator new[]</code></h3></div></div></div><div class="para">
For very large values of <code class="literal">n</code>, an expression like <code class="literal">new T[n]</code> can return a pointer to a heap region which is too small. In other words, not all array elements are actually backed with heap memory reserved to the array. Current GCC versions generate code that performs a computation of the form <code class="literal">sizeof(T) * size_t(n) + cookie_size</code>, where <code class="literal">cookie_size</code> is currently at most 8. This computation can overflow, and GCC versions prior to 4.8 generated code which did not detect this. (Fedora 18 was the first release which fixed this in GCC.)
</div><div class="para">
The <code class="literal">std::vector</code> template can be used instead an explicit array allocation. (The GCC implementation detects overflow internally.)
</div><div class="para">
If there is no alternative to <code class="literal">operator new[]</code> and the sources will be compiled with older GCC versions, code which allocates arrays with a variable length must check for overflow manually. For the <code class="literal">new T[n]</code> example, the size check could be <code class="literal">n || (n > 0 && n > (size_t(-1) - 8) / sizeof(T))</code>. (See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>.) If there are additional dimensions (which must be constants according to the C++ standard), these should be included as factors in the divisor.
</div><div class="para">
- These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
+ These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to a denial of service. <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 13.1, “Recommendations for manually written decoders”</a> contains suggestions for mitigating this problem when processing untrusted data.
</div><div class="para">
See <a class="xref" href="sect-Defensive_Coding-C-Allocators-Arrays.html">Section 1.3.3, “Array allocation”</a> for array allocation advice for C-style memory allocation.
- </div></div><div class="section" id="idm225451560624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451560624">2.1.2. Overloading</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225463015536"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225463015536">2.1.2. Overloading</h3></div></div></div><div class="para">
Do not overload functions with versions that have different security characteristics. For instance, do not implement a function <code class="function">strcat</code> which works on <span class="type">std::string</span> arguments. Similarly, do not name methods after such functions.
- </div></div><div class="section" id="idm225451563856"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451563856">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225463018768"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225463018768">2.1.3. ABI compatibility and preparing for security updates</h3></div></div></div><div class="para">
A stable binary interface (ABI) is vastly preferred for security updates. Without a stable ABI, all reverse dependencies need recompiling, which can be a lot of work and could even be impossible in some cases. Ideally, a security update only updates a single dynamic shared object, and is picked up automatically after restarting affected processes.
</div><div class="para">
Outside of extremely performance-critical code, you should ensure that a wide range of changes is possible without breaking ABI. Some very basic guidelines are:
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html
index f91ccac..9cd2fb2 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Error_Handling.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Error handling</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Error handling</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="next" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="5.3. Garbage Collector" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Error handling</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 6. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go.html" title="Chapter 6. The Go Programming Language" /><link rel="next" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="6.3. Garbage Collector" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Error_Handling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.2. Error handling</h2></div></div></div><div class="para">
Only a few common operations (such as pointer dereference, integer division, array subscripting) trigger exceptions in Go, called <span class="emphasis"><em>panics</em></span>. Most interfaces in the standard library use a separate return value of type <code class="literal">error</code> to signal error.
</div><div class="para">
Not checking error return values can lead to incorrect operation and data loss (especially in the case of writes, using interfaces such as <code class="literal">io.Writer</code>).
</div><div class="para">
- The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 5.1, “Regular error handling in Go”</a> for details.
- </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 5.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The correct way to check error return values depends on the function or method being called. In the majority of cases, the first step after calling a function should be an error check against the <code class="literal">nil</code> value, handling any encountered error. See <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-Regular">Example 6.1, “Regular error handling in Go”</a> for details.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-Regular"><h6>Example 6.1. Regular error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
type Processor interface {
Process(buf []byte) (message string, err error)
}
@@ -31,8 +31,8 @@ func RegularError(buf []byte, processor Processor,
<span class="perl_Keyword">return</span>
}
</pre></div></div><br class="example-break" /><div class="para">
- However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-IO">Example 5.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
- </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 5.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ However, with <code class="literal">io.Reader</code>, <code class="literal">io.ReaderAt</code> and related interfaces, it is necessary to check for a non-zero number of read bytes first, as shown in <a class="xref" href="chap-Defensive_Coding-Go-Error_Handling.html#ex-Defensive_Coding-Go-Error_Handling-IO">Example 6.2, “Read error handling in Go”</a>. If this pattern is not followed, data loss may occur. This is due to the fact that the <code class="literal">io.Reader</code> interface permits returning both data and an error at the same time.
+ </div><div class="example" id="ex-Defensive_Coding-Go-Error_Handling-IO"><h6>Example 6.2. Read error handling in Go</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
func IOError(r io.Reader, buf []byte, processor Processor,
handler ErrorHandler) (message string, err error) {
n, err := r.Read(buf)
@@ -52,4 +52,4 @@ func IOError(r io.Reader, buf []byte, processor Processor,
}
<span class="perl_Keyword">return</span>
}
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><strong>Prev</strong>Chapter 5. The Go Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong>5.3. Garbage Collector</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go.html"><strong>Prev</strong>Chapter 6. The Go Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Next</strong>6.3. Garbage Collector</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html
index 216f543..6e170c5 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Garbage_Collector.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Garbage Collector</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Garbage Collector</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 5. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go-Error_Handling.html" title="5.2. Error handling" /><link rel="next" href="chap-Defensive_Coding-Vala.html" title="Chapter 6. The Vala Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handli
ng.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Garbage Collector</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 6. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go-Error_Handling.html" title="6.2. Error handling" /><link rel="next" href="chap-Defensive_Coding-Go-Marshaling.html" title="6.4. Marshaling and unmarshaling" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handli
ng.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Marshaling.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Garbage_Collector"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.3. Garbage Collector</h2></div></div></div><div class="para">
Older Go releases (before Go 1.3) use a conservative garbage collector without blacklisting. This means that data blobs can cause retention of unrelated data structures because the data is conservatively interpreted as pointers. This phenomenon can be triggered accidentally on 32-bit architectures and is more likely to occur if the heap grows larger. On 64-bit architectures, it may be possible to trigger it deliberately—it is unlikely to occur spontaneously.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Prev</strong>5.2. Error handling</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong>Chapter 6. The Vala Programming Language</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Prev</strong>6.2. Error handling</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Marshaling.html"><strong>Next</strong>6.4. Marshaling and unmarshaling</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Marshaling.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Marshaling.html
new file mode 100644
index 0000000..917b39b
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go-Marshaling.html
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.4. Marshaling and unmarshaling</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Go.html" title="Chapter 6. The Go Programming Language" /><link rel="prev" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="6.3. Garbage Collector" /><link rel="next" href="chap-Defensive_Coding-Vala.html" title="Chapter 7. The Vala Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbag
e_Collector.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Go-Marshaling"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.4. Marshaling and unmarshaling</h2></div></div></div><div class="para">
+ Several packages in the <code class="literal">encoding</code> hierarchy provide support for serialization and deserialization. The usual caveats apply (see <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html">Chapter 13, <em>Serialization and Deserialization</em></a>).
+ </div><div class="para">
+ As an additional precaution, the <code class="function">Unmarshal</code> and <code class="function">Decode</code> functions should only be used with fresh values in the <code class="literal">interface{}</code> argument. This is due to the way defaults for missing values are implemented: During deserialization, missing value do not result in an error, but the original value is preserved. Using a fresh value (with suitable default values if necessary) ensures that data from a previous deserialization operation does not leak into the current one. This is especially relevant when structs are deserialized.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Prev</strong>6.3. Garbage Collector</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Vala.html"><strong>Next</strong>Chapter 7. The Vala Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html
index d2c9e47..6cf47b6 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Go.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. The Go Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. The Go Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="ch04s03.html" title="4.3. Sandboxing" /><link rel="next" href="chap-Defensive_Coding-Go-Error_Handling.html" title="5.2. Error handling" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Er
ror_Handling.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-Shell-Edit_Guard.html" title="5.6. Guarding shell scripts against changes" /><link rel="next" href="chap-Defensive_Coding-Go-Error_Handling.html" title="6.2. Error handling" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Edit_Guard.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Go" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Go Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">6.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">6.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Marshaling.html">6.4. Marshaling and unmarshaling</a></span></dt></dl></div><div class="para">
This chapter contains language-specific recommendations for Go.
- </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Memory safety</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Go-Memory_Safety"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">6.1. Memory safety</h2></div></div></div><div class="para">
Go provides memory safety, but only if the program is not executed in parallel (that is, <code class="envar">GOMAXPROCS</code> is not larger than <code class="literal">1</code>). The reason is that interface values and slices consist of multiple words are not updated atomically. Another thread of execution can observe an inconsistent pairing between type information and stored value (for interfaces) or pointer and length (for slices), and such inconsistency can lead to a memory safety violation.
</div><div class="para">
- Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics and run time.
+ Code which does not run in parallel and does not use the <code class="literal">unsafe</code> package (or other packages which expose unsafe constructs) is memory-safe. For example, invalid casts and out-of-range subscripting cause panics at run time.
</div><div class="para">
Keep in mind that finalization can introduce parallelism because finalizers are executed concurrently, potentially interleaved with the rest of the program.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong>4.3. Sandboxing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Next</strong>5.2. Error handling</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Edit_Guard.html"><strong>Prev</strong>5.6. Guarding shell scripts against changes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go-Error_Handling.html"><strong>Next</strong>6.2. Error handling</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
index b0a7d8f..8ee684f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Python.html
@@ -6,18 +6,18 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html" title="3.3.4. Re-gaining privileges" /><link rel="next" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html" title="3.3.4. Re-gaining privileges" /><link rel="next" href="ch04s02.html" title="4.2. Run-time compilation and code generation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Python" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. The Python Programming Language</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225442540736">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></div><div class="para">
Python provides memory safety by default, so low-level security vulnerabilities are rare and typically needs fixing the Python interpreter or standard library itself.
</div><div class="para">
Other sections with Python-specific advice include:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 10, <em>Temporary files</em></a>
+ <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 11, <em>Temporary files</em></a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 11.1, “Safe process creation”</a>
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html">Chapter 12, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="ch12s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>
+ <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html">Chapter 13, <em>Serialization and Deserialization</em></a>, in particular <a class="xref" href="ch13s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 13.4, “Library support for deserialization”</a>
</div></li><li class="listitem"><div class="para">
- <a class="xref" href="ch13s02.html#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 13.2, “Randomness”</a>
- </div></li></ul></div><div class="section" id="idm225495658016"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225495658016">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
+ <a class="xref" href="ch14s02.html#sect-Defensive_Coding-Tasks-Cryptography-Randomness">Section 14.2, “Randomness”</a>
+ </div></li></ul></div><div class="section" id="idm225442540736"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225442540736">4.1. Dangerous standard library features</h2></div></div></div><div class="para">
Some areas of the standard library, notably the <code class="literal">ctypes</code> module, do not provide memory safety guarantees comparable to the rest of Python. If such functionality is used, the advice in <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">Section 1.1, “The core language”</a> should be followed.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html"><strong>Prev</strong>3.3.4. Re-gaining privileges</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch04s02.html"><strong>Next</strong>4.2. Run-time compilation and code generation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Shell.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Shell.html
new file mode 100644
index 0000000..6446d8b
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Shell.html
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Shell Programming and bash</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="ch04s03.html" title="4.3. Sandboxing" /><link rel="next" href="sect-Defensive_Coding-Shell-Language.html" title="5.2. Shell language features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding
-Shell-Language.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Shell" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. Shell Programming and <span class="application"><strong>bash</strong></span></h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Shell.html#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Parameter expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Double_Expansion.html">5.2.2. Double expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Obscure.html">
5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Invoke.html">5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Temporary_Files.html">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Input_Validation.html">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Edit_Guard.html">5.6. Guarding shell scripts against changes</a></span></dt></dl></div><div class="para">
+ This chapter contains advice about shell programming, specifically in <span class="application"><strong>bash</strong></span>. Most of the advice will apply to scripts written for other shells because extensions such as integer or array variables have been implemented there as well, with comparable syntax.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Alternatives"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.1. Consider alternatives</h2></div></div></div><div class="para">
+ Once a shell script is so complex that advice in this chapter applies, it is time to step back and consider the question: Is there a more suitable implementation language available?
+ </div><div class="para">
+ For example, Python with its <code class="literal">subprocess</code> module can be used to write scripts which are almost as concise as shell scripts when it comes to invoking external programs, and Python offers richer data structures, with less arcane syntax and more consistent behavior.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch04s03.html"><strong>Prev</strong>4.3. Sandboxing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Language.html"><strong>Next</strong>5.2. Shell language features</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
index 410fb21..6b12d4c 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-TLS.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 16. Transport Layer Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 17. Transport Layer Security</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Netlink.html" title="15.4. AF_NETLINK authentication of origin" /><link rel="next" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 16. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><
a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="p
ara">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt03.html" title="Part III. Implementing Security Features" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Netlink.html" title="16.4. AF_NETLINK authentication of origin" /><link rel="next" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-TLS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 17. Transport Layer Security</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><
a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225439762448">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></div><div class="p
ara">
Transport Layer Security (TLS, formerly Secure Sockets Layer/SSL) is the recommended way to to protect integrity and confidentiality while data is transferred over an untrusted network connection, and to identify the endpoint.
- </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.1. Common Pitfalls</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">17.1. Common Pitfalls</h2></div></div></div><div class="para">
TLS implementations are difficult to use, and most of them lack a clean API design. The following sections contain implementation-specific advice, and some generic pitfalls are mentioned below.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Most TLS implementations have questionable default TLS cipher suites. Most of them enable anonymous Diffie-Hellman key exchange (but we generally want servers to authenticate themselves). Many do not disable ciphers which are subject to brute-force attacks because of restricted key lengths. Some even disable all variants of AES in the default configuration.
@@ -18,7 +18,7 @@
The name which is used in certificate validation must match the name provided by the user or configuration file. No host name canonicalization or IP address lookup must be performed.
</div></li><li class="listitem"><div class="para">
The TLS handshake has very poor performance if the TCP Nagle algorithm is active. You should switch on the <code class="literal">TCP_NODELAY</code> socket option (at least for the duration of the handshake), or use the Linux-specific <code class="literal">TCP_CORK</code> option.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 16.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Nagle"><h6>Example 17.1. Deactivating the TCP Nagle algorithm</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">int</span> val = <span class="perl_Float">1</span>;
<span class="perl_DataType">int</span> ret = setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, &val, <span class="perl_Keyword">sizeof</span>(val));
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -32,8 +32,8 @@
</div></li><li class="listitem"><div class="para">
When implementing a server using event-driven programming, it is important to handle the TLS handshake properly because it includes multiple network round-trips which can block when an ordinary TCP <code class="function">accept</code> would not. Otherwise, a client which fails to complete the TLS handshake for some reason will prevent the server from handling input from other clients.
</div></li><li class="listitem"><div class="para">
- Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">Section 11.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
+ Unlike regular file descriptors, TLS connections cannot be passed between processes. Some TLS implementations add additional restrictions, and TLS connections generally cannot be used across <code class="function">fork</code> function calls (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">Section 12.6, “<code class="function">fork</code> as a primitive for parallelism”</a>).
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-TLS-OpenSSL"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.1. OpenSSL Pitfalls</h3></div></div></div><div class="para">
Some OpenSSL function use <span class="emphasis"><em>tri-state return values</em></span>. Correct error checking is extremely important. Several functions return <code class="literal">int</code> values with the following meaning:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The value <code class="literal">1</code> indicates success (for example, a successful signature verification).
@@ -44,8 +44,8 @@
</div></li></ul></div><div class="para">
Treating such tri-state return values as booleans can lead to security vulnerabilities. Note that some OpenSSL functions return boolean results or yet another set of status indicators. Each function needs to be checked individually.
</div><div class="para">
- Recovering precise error information is difficult. <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 16.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Recovering precise error information is difficult. <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 17.2, “Obtaining OpenSSL error codes”</a> shows how to obtain a more precise error code after a function call on an <code class="literal">SSL</code> object has failed. However, there are still cases where no detailed error information is available (e.g., if <code class="function">SSL_shutdown</code> fails due to a connection teardown by the other end).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Errors"><h6>Example 17.2. Obtaining OpenSSL error codes</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">static</span> <span class="perl_DataType">void</span> __attribute__((noreturn))
ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *op, <span class="perl_DataType">int</span> ret)
{
@@ -85,7 +85,7 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The OpenSSL server and client applications (<code class="command">openssl s_client</code> and <code class="command">openssl s_server</code>) are debugging tools and should <span class="emphasis"><em>never</em></span> be used as generic clients. For instance, the <span class="application"><strong>s_client</strong></span> tool reacts in a surprisign way to lines starting with <code class="literal">R</code> and <code class="literal">Q</code>.
</div><div class="para">
OpenSSL allows application code to access private key material over documented interfaces. This can significantly increase the part of the code base which has to undergo security certification.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.2. GNUTLS Pitfalls</h3></div></div></div><div class="para">
<code class="filename">libgnutls.so.26</code> links to <code class="filename">libpthread.so.0</code>. Loading the threading library too late causes problems, so the main program should be linked with <code class="literal">-lpthread</code> as well. As a result, it can be difficult to use GNUTLS in a plugin which is loaded with the <code class="function">dlopen</code> function. Another side effect is that applications which merely link against GNUTLS (even without actually using it) may incur a substantial overhead because other libraries automatically switch to thread-safe algorithms.
</div><div class="para">
The <code class="function">gnutls_global_init</code> function must be called before using any functionality provided by the library. This function is not thread-safe, so external locking is required, but it is not clear which lock should be used. Omitting the synchronization does not just lead to a memory leak, as it is suggested in the GNUTLS documentation, but to undefined behavior because there is no barrier that would enforce memory ordering.
@@ -93,16 +93,16 @@ ssl_print_error_and_exit(SSL *ssl, <span class="perl_DataType">const</span> <spa
The <code class="function">gnutls_global_deinit</code> function does not actually deallocate all resources allocated by <code class="function">gnutls_global_init</code>. It is currently not thread-safe. Therefore, it is best to avoid calling it altogether.
</div><div class="para">
The X.509 implementation in GNUTLS is rather lenient. For example, it is possible to create and process X.509 version 1 certificates which carry extensions. These certificates are (correctly) rejected by other implementations.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.3. OpenJDK Pitfalls</h3></div></div></div><div class="para">
The Java cryptographic framework is highly modular. As a result, when you request an object implementing some cryptographic functionality, you cannot be completely sure that you end up with the well-tested, reviewed implementation in OpenJDK.
</div><div class="para">
OpenJDK (in the source code as published by Oracle) and other implementations of the Java platform require that the system administrator has installed so-called <span class="emphasis"><em>unlimited strength jurisdiction policy files</em></span>. Without this step, it is not possible to use the secure algorithms which offer sufficient cryptographic strength. Most downstream redistributors of OpenJDK remove this requirement.
</div><div class="para">
Some versions of OpenJDK use <code class="filename">/dev/random</code> as the randomness source for nonces and other random data which is needed for TLS operation, but does not actually require physical randomness. As a result, TLS applications can block, waiting for more bits to become available in <code class="filename">/dev/random</code>.
- </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-TLS-Pitfalls-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.1.4. NSS Pitfalls</h3></div></div></div><div class="para">
NSS was not designed to be used by other libraries which can be linked into applications without modifying them. There is a lot of global state. There does not seem to be a way to perform required NSS initialization without race conditions.
</div><div class="para">
If the NSPR descriptor is in an unexpected state, the <code class="function">SSL_ForceHandshake</code> function can succeed, but no TLS handshake takes place, the peer is not authenticated, and subsequent data is exchanged in the clear.
</div><div class="para">
NSS disables itself if it detects that the process underwent a <code class="function">fork</code> after the library has been initialized. This behavior is required by the PKCS#11 API specification.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Prev</strong>15.4. AF_NETLINK authentication of origin</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong>16.2. TLS Clients</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Prev</strong>16.4. AF_NETLINK authentication of origin</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client.html"><strong>Next</strong>17.2. TLS Clients</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
index 89a08a8..49b06c1 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Cryptography.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Cryptography</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. Cryptography</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch12s06.html" title="12.6. Protocol Encoders" /><link rel="next" href="ch13s02.html" title="13.2. Randomness" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s06.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong></a></li></ul
><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225455032912"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225455032912">13.1. Primitives</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch13s06.html" title="13.6. Protocol Encoders" /><link rel="next" href="ch14s02.html" title="14.2. Randomness" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s06.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch14s02.html"><strong>Next</strong></a></li></ul
><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Cryptography" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Cryptography</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225466783088">14.1. Primitives</a></span></dt><dt><span class="section"><a href="ch14s02.html">14.2. Randomness</a></span></dt></dl></div><div class="section" id="idm225466783088"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225466783088">14.1. Primitives</h2></div></div></div><div class="para">
Choosing from the following cryptographic primitives is recommended:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
RSA with 2048 bit keys and OAEP
@@ -35,5 +35,5 @@
</div></li><li class="listitem"><div class="para">
HMAC-MD5
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 16, <em>Transport Layer Security</em></a>).
- </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s06.html"><strong>Prev</strong>12.6. Protocol Encoders</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong>13.2. Randomness</a></li></ul></body></html>
\ No newline at end of file
+ These primitives are difficult to use in a secure way. Custom implementation of security protocols should be avoided. For protecting confidentiality and integrity of network transmissions, TLS should be used (<a class="xref" href="chap-Defensive_Coding-TLS.html">Chapter 17, <em>Transport Layer Security</em></a>).
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s06.html"><strong>Prev</strong>13.6. Protocol Encoders</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch14s02.html"><strong>Next</strong>14.2. Randomness</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
index 0b30370..3e9835e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-File_System.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. File system manipulation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. File system manipulation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="8.3. Dealing with the select limit" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="9.2. Accessing the file system as a different user" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defe
nsive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tas
ks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="9.3. Dealing with the select limit" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="10.2. Accessing the file system as a different user" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-File_System" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. File system manipulation</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">10.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">10.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Codin
g-Tasks-File_System-Features.html">10.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">10.5. Checking free space</a></span></dt></dl></div><div class="para">
In this chapter, we discuss general file system manipulation, with a focus on access files and directories to which an other, potentially untrusted user has write access.
</div><div class="para">
- Temporary files are covered in their own chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 10, <em>Temporary files</em></a>.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
- Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 9.2, “Accessing the file system as a different user”</a>.
+ Temporary files are covered in their own chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html">Chapter 11, <em>Temporary files</em></a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Unowned"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Working with files and directories owned by other users</h2></div></div></div><div class="para">
+ Sometimes, it is necessary to operate on files and directories owned by other (potentially untrusted) users. For example, a system administrator could remove the home directory of a user, or a package manager could update a file in a directory which is owned by an application-specific user. This differs from accessing the file system as a specific user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 10.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
Accessing files across trust boundaries faces several challenges, particularly if an entire directory tree is being traversed:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
@@ -38,4 +38,4 @@
There is no workaround against the instability of the file list returned by <code class="function">readdir</code>. Concurrent modification of the directory can result in a list of files being returned which never actually existed on disk.
</div><div class="para">
Hard links and symbolic links can be safely deleted using <code class="function">unlinkat</code> without further checks because deletion only affects the name within the directory tree being processed.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong>8.3. Dealing with the select limit</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong>9.2. Accessing the file system as a different user</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Prev</strong>9.3. Dealing with the select limit</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Next</strong>10.2. Accessing the file system as a different us...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
index d2c9bdc..38464c9 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Library_Design.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Library Design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Library Design</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="next" href="ch07s02.html" title="7.2. Object orientation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch07s02.html"><strong>Next</strong
></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></div><div class
="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="next" href="ch08s02.html" title="8.2. Object orientation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch08s02.html"><strong>Next</strong
></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Library_Design" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Library Design</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225456690032">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225458399616">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225451977760">8.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch08s02.html">8.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch08s04.html">8.4. Process attributes</a></span></dt></dl></div><div class
="para">
Throught this section, the term <span class="emphasis"><em>client code</em></span> refers to applications and other libraries using the library.
- </div><div class="section" id="idm225487651552"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225487651552">7.1. State management</h2></div></div></div><div class="para">
+ </div><div class="section" id="idm225456690032"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225456690032">8.1. State management</h2></div></div></div><div class="para">
- </div><div class="section" id="idm225491488784"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225491488784">7.1.1. Global state</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225458399616"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225458399616">8.1.1. Global state</h3></div></div></div><div class="para">
Global state should be avoided.
</div><div class="para">
If this is impossible, the global state must be protected with a lock. For C/C++, you can use the <code class="function">pthread_mutex_lock</code> and <code class="function">pthread_mutex_unlock</code> functions without linking against <code class="literal">-lpthread</code> because the system provides stubs for non-threaded processes.
@@ -18,7 +18,7 @@
For compatibility with <code class="function">fork</code>, these locks should be acquired and released in helpers registered with <code class="function">pthread_atfork</code>. This function is not available without <code class="literal">-lpthread</code>, so you need to use <code class="function">dlsym</code> or a weak symbol to obtain its address.
</div><div class="para">
If you need <code class="function">fork</code> protection for other reasons, you should store the process ID and compare it to the value returned by <code class="function">getpid</code> each time you access the global state. (<code class="function">getpid</code> is not implemented as a system call and is fast.) If the value changes, you know that you have to re-create the state object. (This needs to be combined with locking, of course.)
- </div></div><div class="section" id="idm225448222624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225448222624">7.1.2. Handles</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225451977760"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451977760">8.1.2. Handles</h3></div></div></div><div class="para">
Library state should be kept behind a curtain. Client code should receive only a handle. In C, the handle can be a pointer to an incomplete <code class="literal">struct</code>. In C++, the handle can be a pointer to an abstract base class, or it can be hidden using the pointer-to-implementation idiom.
</div><div class="para">
The library should provide functions for creating and destroying handles. (In C++, it is possible to use virtual destructors for the latter.) Consistency between creation and destruction of handles is strongly recommended: If the client code created a handle, it is the responsibility of the client code to destroy it. (This is not always possible or convenient, so sometimes, a transfer of ownership has to happen.)
@@ -26,4 +26,4 @@
Using handles ensures that it is possible to change the way the library represents state in a way that is transparent to client code. This is important to facilitate security updates and many other code changes.
</div><div class="para">
It is not always necessary to protect state behind a handle with a lock. This depends on the level of thread safety the library provides.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong>Part II. Specific Programming Tasks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch07s02.html"><strong>Next</strong>7.2. Object orientation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pt02.html"><strong>Prev</strong>Part II. Specific Programming Tasks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch08s02.html"><strong>Next</strong>8.2. Object orientation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html
index ca6f504..5fad03a 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Packaging.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. RPM packaging</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 15. RPM packaging</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch13s02.html" title="13.2. Randomness" /><link rel="next" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="14.2. Generating X.509 self-signed certificates before service start" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong><
/a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch14s02.html" title="14.2. Randomness" /><link rel="next" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="15.2. Generating X.509 self-signed certificates before service start" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch14s02.html"><strong>Prev</strong><
/a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Packaging" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 15. RPM packaging</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">15.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></div><div class="para">
This chapter deals with security-related concerns around RPM packaging. It has to be read in conjunction with distribution-specific packaging guidelines.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
- Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">Section 14.2, “Generating X.509 self-signed certificates before service start”</a>.
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.1. Generating X.509 self-signed certificates during installation</h2></div></div></div><div class="para">
+ Some applications need X.509 certificates for authentication purposes. For example, a single private/public key pair could be used to define cluster membership, enabling authentication and encryption of all intra-cluster communication. (Lack of certification from a CA matters less in such a context.) For such use, generating the key pair at package installation time when preparing system images for use in the cluster is reasonable. For other use cases, it is necessary to generate the key pair before the service is started for the first time, see <a class="xref" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">Section 15.2, “Generating X.509 self-signed certificates before service start”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
The way the key is generated may not be suitable for key material of critical value. (<code class="command">openssl genrsa</code> uses, but does not require, entropy from a physical source of randomness, among other things.) Such keys should be stored in a hardware security module if possible, and generated from random bits reserved for this purpose derived from a non-deterministic physical source.
</div></div></div><div class="para">
@@ -24,8 +24,8 @@
</pre></div><div class="para">
These variables likely need adjustment based on the needs of the package.
</div><div class="para">
- Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 14.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
- </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 14.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
+ Typically, the file with the private key needs to be owned by the system user which needs to read it, <code class="literal">%{tlsuser}</code> (not <code class="literal">root</code>). In order to avoid races, if the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> is <span class="emphasis"><em>owned by the services user</em></span>, you should use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Owned">Example 15.1, “Creating a key pair in a user-owned directory”</a>. The invocation of <span class="application"><strong>su</strong></span> with the <code class="option">-s /bin/bash</code> argument is necessary in case the login shell for the user has been disabled.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Owned"><h6>Example 15.1. Creating a key pair in a user-owned directory</h6><div class="example-contents"><pre class="programlisting">
%post
<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
<span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
@@ -49,8 +49,8 @@
</pre></div></div><br class="example-break" /><div class="para">
The files containing the key material are marked as ghost configuration files. This ensures that they are tracked in the RPM database as associated with the package, but RPM will not create them when the package is installed and not verify their contents (the <code class="literal">%ghost</code>), or delete the files when the package is uninstalled (the <code class="literal">%config(noreplace)</code> part).
</div><div class="para">
- If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 14.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
- </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 14.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
+ If the <span class="emphasis"><em>directory</em></span> <code class="literal">%{tlsdir}</code> <span class="emphasis"><em>is owned by</em></span> <code class="literal">root</code>, use the code in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#ex-Defensive_Coding-Packaging-Certificates-Unowned">Example 15.2, “Creating a key pair in a <code class="literal">root</code>-owned directory”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-Packaging-Certificates-Unowned"><h6>Example 15.2. Creating a key pair in a <code class="literal">root</code>-owned directory</h6><div class="example-contents"><pre class="programlisting">
%post
<span class="perl_Keyword">if</span><span class="perl_Reserved"> [</span> <span class="perl_Others">$1</span> -eq 1<span class="perl_Reserved"> ]</span> ; <span class="perl_Keyword">then</span>
<span class="perl_Keyword">if</span> ! <span class="perl_Reserved">test</span> -e %<span class="perl_DataType">{tlskey}</span> ; <span class="perl_Keyword">then</span>
@@ -70,4 +70,4 @@
%ghost %attr<span class="perl_Keyword">(</span>0644,root,root<span class="perl_Keyword">)</span> %config<span class="perl_Keyword">(</span>noreplace<span class="perl_Keyword">)</span> %<span class="perl_DataType">{tlscert}</span>
</pre></div></div><br class="example-break" /><div class="para">
In order for this to work, the package which generates the keys must require the <span class="application"><strong>openssl</strong></span> package. If the user which owns the key file is generated by a different package, the package generating the certificate must specify a <code class="literal">Requires(pre):</code> on the package which creates the user. This ensures that the user account will exist when it is needed for the <span class="application"><strong>su</strong></span> or <span class="application"><strong>chmod</strong></span> invocation.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong>13.2. Randomness</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong>14.2. Generating X.509 self-signed certificates b...</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch14s02.html"><strong>Prev</strong>14.2. Randomness</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Next</strong>15.2. Generating X.509 self-signed certificates b...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
index 90d13dd..52548db 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Serialization.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Serialization and Deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Serialization and Deserialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="11.6. fork as a primitive for parallelism" /><link rel="next" href="ch12s02.html" title="12.2. Protocol design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch12s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl><
/dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML pa
rsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html" title="12.6. fork as a primitive for parallelism" /><link rel="next" href="ch13s02.html" title="13.2. Protocol design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Serialization" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Serialization and Deserialization</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs</a></span></dt></dl><
/dd><dt><span class="section"><a href="ch13s04.html">13.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">13.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">13.5.5. Using Expat for XML pa
rsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">13.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">13.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch13s06.html">13.6. Protocol Encoders</a></span></dt></dl></div><div class="para">
Protocol decoders and file format parsers are often the most-exposed part of an application because they are exposed with little or no user interaction and before any authentication and security checks are made. They are also difficult to write robustly in languages which are not memory-safe.
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Decoders"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.1. Recommendations for manually written decoders</h2></div></div></div><div class="para">
For C and C++, the advice in <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a> applies. In addition, avoid non-character pointers directly into input buffers. Pointer misalignment causes crashes on some architectures.
</div><div class="para">
When reading variable-sized objects, do not allocate large amounts of data solely based on the value of a size field. If possible, grow the data structure as more data is read from the source, and stop when no data is available. This helps to avoid denial-of-service attacks where little amounts of input data results in enormous memory allocations during decoding. Alternatively, you can impose reasonable bounds on memory allocations, but some protocols do not permit this.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Prev</strong>11.6. fork as a primitive for parallelism</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s02.html"><strong>Next</strong>12.2. Protocol design</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html"><strong>Prev</strong>12.6. fork as a primitive for parallelism</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch13s02.html"><strong>Next</strong>13.2. Protocol design</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
index d04c5f5..9387a21 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Directory.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. Temporary directories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.4. Temporary directories</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /><link rel="prev" href="ch10s03.html" title="10.3. Temporary files without names" /><link rel="next" href="ch10s05.html" title="10.5. Compensating for unsafe file creation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch10s05.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. Temporary directories</h2></div></div></div><div class="para">
- The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 10.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /><link rel="prev" href="ch11s03.html" title="11.3. Temporary files without names" /><link rel="next" href="ch11s05.html" title="11.5. Compensating for unsafe file creation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch11s05.html"><strong>Next</strong></a></li></ul><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Directory"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Temporary directories</h2></div></div></div><div class="para">
+ The <code class="function">mkdtemp</code> function can be used to create a temporary directory. (For determining the directory part of the file name pattern, see <a class="xref" href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">Section 11.1, “Obtaining the location of temporary directory”</a>.) The directory is not automatically removed. In Python, this function is available as <code class="function">tempfile.mkdtemp</code>. In Java 7, temporary directories can be created using the <code class="function">java.nio.file.Files.createTempDirectory(Path, String, FileAttribute...)</code> function.
</div><div class="para">
When creating files in the temporary directory, use automatically generated names, e.g., derived from a sequential counter. Files with externally provided names could be picked up in unexpected contexts, and crafted names could actually point outside of the tempoary directory (due to <span class="emphasis"><em>directory traversal</em></span>).
</div><div class="para">
Removing a directory tree in a completely safe manner is complicated. Unless there are overriding performance concerns, the <span class="application"><strong>rm</strong></span> program should be used, with the <code class="option">-rf</code> and <code class="option">--</code> options.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s03.html"><strong>Prev</strong>10.3. Temporary files without names</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s05.html"><strong>Next</strong>10.5. Compensating for unsafe file creation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong>11.3. Temporary files without names</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s05.html"><strong>Next</strong>11.5. Compensating for unsafe file creation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
index c867811..d893fbe 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Tasks-Temporary_Files.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="9.5. Checking free space" /><link rel="next" href="ch10s02.html" title="10.2. Named temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong
></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation</a></span></dt></dl></div><div c
lass="para">
- In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-File_System.html">Chapter 9, <em>File system manipulation</em></a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="10.5. Checking free space" /><link rel="next" href="ch11s02.html" title="11.2. Named temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</stron
g></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Tasks-Temporary_Files" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Temporary files</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Compensating for unsafe file creation</a></span></dt></dl></div><div
class="para">
+ In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <a class="xref" href="chap-Defensive_Coding-Tasks-File_System.html">Chapter 10, <em>File system manipulation</em></a>.
</div><div class="para">
Secure creation of temporary files has four different aspects.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>).
+ The location of the directory for temporary files must be obtained in a secure manner (that is, untrusted environment variables must be ignored, see <a class="xref" href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>).
</div></li><li class="listitem"><div class="para">
A new file must be created. Reusing an existing file must be avoided (the <code class="filename">/tmp</code> race condition). This is tricky because traditionally, system-wide temporary directories shared by all users are used.
</div></li><li class="listitem"><div class="para">
@@ -22,7 +22,7 @@
All functions mentioned below will take care of these aspects.
</div><div class="para">
Traditionally, temporary files are often used to reduce memory usage of programs. More and more systems use RAM-based file systems such as <code class="literal">tmpfs</code> for storing temporary files, to increase performance and decrease wear on Flash storage. As a result, spooling data to temporary files does not result in any memory savings, and the related complexity can be avoided if the data is kept in process memory.
- </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
+ </div><div class="section" id="chap-Defensive_Coding-Tasks-Temporary_Files-Location"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Obtaining the location of temporary directory</h2></div></div></div><div class="para">
Some functions below need the location of a directory which stores temporary files. For C/C++ programs, use the following steps to obtain that directory:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Use <code class="function">secure_getenv</code> to obtain the value of the <code class="literal">TMPDIR</code> environment variable. If it is set, convert the path to a fully-resolved absolute path, using <code class="literal">realpath(path, NULL)</code>. Check if the new path refers to a directory and is writeable. In this case, use it as the temporary directory.
@@ -32,4 +32,4 @@
In Python, you can use the <code class="varname">tempfile.tempdir</code> variable.
</div><div class="para">
Java does not support SUID/SGID programs, so you can use the <code class="function">java.lang.System.getenv(String)</code> method to obtain the value of the <code class="literal">TMPDIR</code> environment variable, and follow the two steps described above. (Java's default directory selection does not honor <code class="literal">TMPDIR</code>.)
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong>9.5. Checking free space</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch10s02.html"><strong>Next</strong>10.2. Named temporary files</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Prev</strong>10.5. Checking free space</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong>11.2. Named temporary files</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html
index dc00323..d6a10e2 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/chap-Defensive_Coding-Vala.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. The Vala Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. The Vala Programming Language</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="chap-Defensive_Coding-Go-Garbage_Collector.html" title="5.3. Garbage Collector" /><link rel="next" href="pt02.html" title="Part II. Specific Programming Tasks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Prev</strong></a></li><li clas
s="next"><a accesskey="n" href="pt02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. The Vala Programming Language</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt01.html" title="Part I. Programming Languages" /><link rel="prev" href="chap-Defensive_Coding-Go-Marshaling.html" title="6.4. Marshaling and unmarshaling" /><link rel="next" href="pt02.html" title="Part II. Specific Programming Tasks" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Marshaling.html"><strong>Prev</strong></a></li><li class="n
ext"><a accesskey="n" href="pt02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="chap-Defensive_Coding-Vala" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. The Vala Programming Language</h2></div></div></div><div class="para">
Vala is a programming language mainly targeted at GNOME developers.
</div><div class="para">
Its syntax is inspired by C# (and thus, indirectly, by Java). But unlike C# and Java, Vala does not attempt to provide memory safety: Vala is compiled to C, and the C code is compiled with GCC using typical compiler flags. Basic operations like integer arithmetic are directly mapped to C constructs. As a results, the recommendations in <a class="xref" href="chap-Defensive_Coding-C.html">Chapter 1, <em>The C Programming Language</em></a> apply.
@@ -18,4 +18,4 @@
Pointer arithmetic, string subscripting and the <code class="literal">substring</code> method on strings (the <code class="literal">string</code> class in the <code class="literal">glib-2.0</code> package) are not range-checked. It is the responsibility of the calling code to ensure that the arguments being passed are valid. This applies even to cases (like <code class="literal">substring</code>) where the implementation would have range information to check the validity of indexes. See <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">Section 1.1.2, “Recommendations for pointers and array handling”</a>.
</div></li><li class="listitem"><div class="para">
Similarly, Vala only performs garbage collection (through reference counting) for <code class="literal">GObject</code> values. For plain C pointers (such as strings), the programmer has to ensure that storage is deallocated once it is no longer needed (to avoid memory leaks), and that storage is not being deallocated while it is still being used (see <a class="xref" href="sect-Defensive_Coding-C-Allocators.html#sect-Defensive_Coding-C-Use-After-Free">Section 1.3.1.1, “Use-after-free errors”</a>).
- </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Garbage_Collector.html"><strong>Prev</strong>5.3. Garbage Collector</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt02.html"><strong>Next</strong>Part II. Specific Programming Tasks</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Go-Marshaling.html"><strong>Prev</strong>6.4. Marshaling and unmarshaling</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt02.html"><strong>Next</strong>Part II. Specific Programming Tasks</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
index 2e3e451..f795415 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
@@ -6,10 +6,10 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="next" href="pt01.html" title="Part I. Programming Languages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="idm225473330416" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" t
ext-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225473330416" class="title">Defensive Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="next" href="pt01.html" title="Part I. Programming Languages" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="idm225441302400" lang="en-US"><div class="titlepage"><div><div class="producttitle" font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" t
ext-align="center"><span class="productname">Fedora Security Team</span> <span class="productnumber"></span></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h1 id="idm225441302400" class="title">Defensive Coding</h1></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h2 class="subtitle">A Guide to Improving Software Security</h2></div><p class="edition">Edition 1</p><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225459923200" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ </h3></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Florian</span> <span class="surname">Weimer</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Product Security Team</span></div><code class="email"><a class="email" href="mailto:fweimer at redhat.com">fweimer at redhat.com</a></code></div></div></div><hr /><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div id="idm225480893104" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"></span>© 2012-2014 Red Hat, Inc.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
@@ -31,4 +31,4 @@
All other trademarks are the property of their respective owners.
</div></div></div><div font-family="sans-serif,Symbol,ZapfDingbats" font-weight="bold" font-size="12pt" text-align="center"><div class="abstract"><h6>Abstract</h6><div class="para">
This document provides guidelines for improving software security through secure coding. It covers common programming languages and libraries, and focuses on concrete recommendations.
- </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="pt01.html">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals"
>1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.ht
ml">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Languag
e">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="se
ct-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. R
esource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><d
t><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm22
5495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">6. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="pt02.html">II. Specific Programming Tasks</a></span></dt
><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">8. File Descriptor Management</a></span></dt
><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class
="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">10. Temporary files</a></sp
an></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href
="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="c
h11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations f
or manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.ht
ml">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">13. Cry
ptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="pt03.html">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">15. Authentication
and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Co
ding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect
-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="appe-Defensive_Coding-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong>Part I. Programming Languages</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><hr /></div><div class="toc"><dl class="toc"><dt><span class="part"><a href="pt01.html">I. Programming Languages</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals"
>1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225431847616">1.3.1. <code class="function">malloc</code> and related functions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.ht
ml">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Languag
e">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463017408">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463015536">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463018768">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functions">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="se
ct-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. R
esource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><d
t><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm22
5442540736">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Shell.html">5. Shell Programming and <span class="application"><strong>bash</strong></span></a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Shell.html#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Parameter expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Double_Expansion.html">5.2.2. Double
expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Obscure.html">5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Invoke.html">5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Temporary_Files.html">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Input_Validation.html">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Edit_Guard.html">5.6. Guarding shell scripts against changes</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">6. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">6.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_
Coding-Go-Error_Handling.html">6.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Marshaling.html">6.4. Marshaling and unmarshaling</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">7. The Vala Programming Language</a></span></dt></dl></dd><dt><span class="part"><a href="pt02.html">II. Specific Programming Tasks</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">8. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225456690032">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225458399616">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="cha
p-Defensive_Coding-Tasks-Library_Design.html#idm225451977760">8.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch08s02.html">8.2. Object orientation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch08s04.html">8.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">9. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225460870016">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225453053392">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225444138928">9.1.2. Closing descriptors and race conditi
ons</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225451347680">9.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">9.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">10. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">10.2. Accessing the file system as a di
fferent user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">10.3. File system limits</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Features.html">10.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">10.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">11. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href
="chap-Defensive_Coding-Tasks-Temporary_Directory.html">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Compensating for unsafe file creation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">12. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225445040976">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Spec
ifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225434989808">12.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s02.html">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch12s03.html">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">12.4. Daemons</a></span></dt><dt><span class="section"><a href="ch12s05.html">12.5.
Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">12.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">13. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs
</a></span></dt></dl></dd><dt><span class="section"><a href="ch13s04.html">13.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html">13.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">13.5.5.
Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">13.5.6. Using Qt for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">13.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch13s06.html">13.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">14. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225466783088">14.1. Primitives</a></span></dt><dt><span class="section"><a href="ch14s02.html">14.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">15. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging
.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html">15.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="pt03.html">III. Implementing Security Features</a></span></dt><dd><dl><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">16. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">16.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.html">16.3. UNIX d
omain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">17. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TL
S.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225439762448">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></dd><dt><span class="appendix"><a href="
appe-Defensive_Coding-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="pt01.html"><strong>Next</strong>Part I. Programming Languages</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
index 7438708..52e9b7e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt01.html
@@ -6,4 +6,4 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="index.html" title="Defensive Coding" /><link rel="next" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next
</strong></a></li></ul><div class="part" id="idm225473328864"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></
dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225470719360">1.3.1. <code class="function">malloc</code> and related funct
ions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl>
<dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451562352">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451560624">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225451563856">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functio
ns">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="sectio
n"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ja
va-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Languag
e</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225495658016">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">5. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-Memory_Safety">5.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">5.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">5.3. Garbage Collector</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">6. The Vala Programming Language</a></span></dt
></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Defensive Coding</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next</strong>Chapter 1. The C Programming Language</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="index.html" title="Defensive Coding" /><link rel="next" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next
</strong></a></li></ul><div class="part" id="idm225441300640"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part I. Programming Languages</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-C.html">1. The C Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Language">1.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Undefined">1.1.1. Undefined behavior</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Pointers">1.1.2. Recommendations for pointers and array handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">1.1.3. Recommendations for integer arithmetic</a></span></
dt><dt><span class="section"><a href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Globals">1.1.4. Global variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html">1.2. The C standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Libc.html#sect-Defensive_Coding-C-Absolutely-Banned">1.2.1. Absolutely banned interfaces</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Avoid.html">1.2.2. Functions to avoid</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-String-Functions-Length.html">1.2.3. String Functions With Explicit Length Arguments</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html">1.3. Memory allocators</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators.html#idm225431847616">1.3.1. <code class="function">malloc</code> and related funct
ions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-alloca.html">1.3.2. <code class="function">alloca</code> and other forms of stack-based allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Arrays.html">1.3.3. Array allocation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-C-Allocators-Custom.html">1.3.4. Custom memory allocators</a></span></dt><dt><span class="section"><a href="ch01s03s05.html">1.3.5. Conservative garbage collection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html">1.4. Other C-related topics</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-C-Other.html#sect-Defensive_Coding-C-Wrapper-Functions">1.4.1. Wrapper functions</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-CXX.html">2. The C++ Programming Language</a></span></dt><dd><dl>
<dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language">2.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463017408">2.1.1. Array allocation with <code class="literal">operator new[]</code></a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463015536">2.1.2. Overloading</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#idm225463018768">2.1.3. ABI compatibility and preparing for security updates</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-CXX.html#sect-Defensive_Coding-CXX-Language-CXX11">2.1.4. C++0X and C++11 support</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html">2.2. The C++ standard library</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std.html#sect-Defensive_Coding-CXX-Std-Functio
ns">2.2.1. Functions that are difficult to use</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-String.html">2.2.2. String handling with <code class="literal">std::string</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Subscript.html">2.2.3. Containers and <code class="literal">operator[]</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-CXX-Std-Iterators.html">2.2.4. Iterators</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Java.html">3. The Java Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language">3.1. The core language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-ReadArray">3.1.1. Inceasing robustness when reading arrays</a></span></dt><dt><span class="sectio
n"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Resources">3.1.2. Resource management</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Finalizers">3.1.3. Finalizers</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Java.html#sect-Defensive_Coding-Java-Language-Exceptions">3.1.4. Recovering from exceptions and errors</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html">3.2. Low-level features of the virtual machine</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-LowLevel.html#sect-Defensive_Coding-Java-Reflection">3.2.1. <code class="literal">Reflection and private parts</code></a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-JNI.html">3.2.2. Java Native Interface (JNI)</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ja
va-MiscUnsafe.html">3.2.3. <code class="literal">sun.misc.Unsafe</code></a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html">3.3. Interacting with the security manager</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager.html#sect-Defensive_Coding-Java-SecurityManager-Compatible">3.3.1. Security manager compatibility</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Activate.html">3.3.2. Activating the security manager</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Unprivileged.html">3.3.3. Reducing trust in code</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Java-SecurityManager-Privileged.html">3.3.4. Re-gaining privileges</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Python.html">4. The Python Programming Languag
e</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Python.html#idm225442540736">4.1. Dangerous standard library features</a></span></dt><dt><span class="section"><a href="ch04s02.html">4.2. Run-time compilation and code generation</a></span></dt><dt><span class="section"><a href="ch04s03.html">4.3. Sandboxing</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Shell.html">5. Shell Programming and <span class="application"><strong>bash</strong></span></a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Shell.html#sect-Defensive_Coding-Shell-Alternatives">5.1. Consider alternatives</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html">5.2. Shell language features</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Language.html#sect-Defensive_Coding-Shell-Parameter_Expansion">5.2.1. Parameter expansion</a></span></dt>
<dt><span class="section"><a href="sect-Defensive_Coding-Shell-Double_Expansion.html">5.2.2. Double expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Obscure.html">5.2.3. Other obscurities</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Invoke.html">5.3. Invoking external commands</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Temporary_Files.html">5.4. Temporary files</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Input_Validation.html">5.5. Performing input validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Shell-Edit_Guard.html">5.6. Guarding shell scripts against changes</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Go.html">6. The Go Programming Language</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Go.html#chap-Defensive_Coding-Go-
Memory_Safety">6.1. Memory safety</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Error_Handling.html">6.2. Error handling</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Garbage_Collector.html">6.3. Garbage Collector</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Go-Marshaling.html">6.4. Marshaling and unmarshaling</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Vala.html">7. The Vala Programming Language</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Defensive Coding</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-C.html"><strong>Next</strong>Chapter 1. The C Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
index 3894293..5c2228f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt02.html
@@ -6,4 +6,4 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="chap-Defensive_Coding-Vala.html" title="Chapter 6. The Vala Programming Language" /><link rel="next" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong></a></li><li cla
ss="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225447908000"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">7. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225487651552">7.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225491488784">7.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225448222624">7.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch07s02.html">7.2. Object orientation</a></span>
</dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">7.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch07s04.html">7.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">8. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span
class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">9. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">9.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">9.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">9.3. File system limits</a></span></dt><dt><span class="section"><a href
="sect-Defensive_Coding-Tasks-File_System-Features.html">9.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">9.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">10. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">10.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch10s02.html">10.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch10s03.html">10.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">10.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch10s05.html">10.5. Compensating for unsafe file creation
</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">11. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span>
</dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a
primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">12. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">12.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch12s02.html">12.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">12.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">12.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s04.html">12.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Ta
sks-Serialization-XML.html">12.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">12.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">12.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">12.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">12.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">12.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">12.5.6. Using Qt for XML parsing</a></span></dt><dt><span clas
s="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">12.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s06.html">12.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">13. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225455032912">13.1. Primitives</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">14. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">14.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defensive_
Coding-Tasks-Packaging-Certificates-Service.html">14.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong>Chapter 6. The Vala Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong>Chapter 7. Library Design</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="chap-Defensive_Coding-Vala.html" title="Chapter 7. The Vala Programming Language" /><link rel="next" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 8. Library Design" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong></a></li><li cla
ss="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225441650288"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part II. Specific Programming Tasks</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Library_Design.html">8. Library Design</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225456690032">8.1. State management</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225458399616">8.1.1. Global state</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Library_Design.html#idm225451977760">8.1.2. Handles</a></span></dt></dl></dd><dt><span class="section"><a href="ch08s02.html">8.2. Object orientation</a></span>
</dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html">8.3. Callbacks</a></span></dt><dt><span class="section"><a href="ch08s04.html">8.4. Process attributes</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Descriptors.html">9. File Descriptor Management</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225460870016">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225453053392">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225444138928">9.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225451347680">9.1.3. Lingering state after close</a></span></dt></dl></dd><dt><span
class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">9.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-File_System.html">10. File system manipulation</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-File_System.html#sect-Defensive_Coding-Tasks-File_System-Unowned">10.1. Working with files and directories owned by other users</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">10.2. Accessing the file system as a different user</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Limits.html">10.3. File system limits</a></span></dt><dt><span class="section"><a
href="sect-Defensive_Coding-Tasks-File_System-Features.html">10.4. File system features</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html">10.5. Checking free space</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html">11. Temporary files</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Files.html#chap-Defensive_Coding-Tasks-Temporary_Files-Location">11.1. Obtaining the location of temporary directory</a></span></dt><dt><span class="section"><a href="ch11s02.html">11.2. Named temporary files</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. Temporary files without names</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Temporary_Directory.html">11.4. Temporary directories</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Compensating for unsafe file cr
eation</a></span></dt></dl></dd><dt><span class="chapter"><a href="sect-Defensive_Coding-Tasks-Processes.html">12. Processes</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225445040976">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Specifying the process environment</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225434989808">12.1.4. Robust argument list processing</a><
/span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s02.html">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch12s03.html">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">12.4. Daemons</a></span></dt><dt><span class="section"><a href="ch12s05.html">12.5. Semantics of command line arguments</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">12.6. <code class="function">fork</code>
as a primitive for parallelism</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Serialization.html">13. Serialization and Deserialization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">13.1. Recommendations for manually written decoders</a></span></dt><dt><span class="section"><a href="ch13s02.html">13.2. Protocol design</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html">13.3. Fragmentation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">13.3.1. Fragment IDs</a></span></dt></dl></dd><dt><span class="section"><a href="ch13s04.html">13.4. Library support for deserialization</a></span></dt><dt><span class="section"><a href="sect-Defensive_Cod
ing-Tasks-Serialization-XML.html">13.5. XML serialization</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML.html#sect-Defensive_Coding-Tasks-Serialization-XML-External">13.5.1. External references</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">13.5.2. Entity expansion</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html">13.5.3. XInclude processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html">13.5.4. Algorithmic complexity of XML validation</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html">13.5.5. Using Expat for XML parsing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-Qt.html">13.5.6. Using Qt for XML parsing</a></span></dt><dt><spa
n class="section"><a href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html">13.5.7. Using OpenJDK for XML parsing and validation</a></span></dt></dl></dd><dt><span class="section"><a href="ch13s06.html">13.6. Protocol Encoders</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Cryptography.html">14. Cryptography</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Cryptography.html#idm225466783088">14.1. Primitives</a></span></dt><dt><span class="section"><a href="ch14s02.html">14.2. Randomness</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-Tasks-Packaging.html">15. RPM packaging</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">15.1. Generating X.509 self-signed certificates during installation</a></span></dt><dt><span class="section"><a href="sect-Defe
nsive_Coding-Tasks-Packaging-Certificates-Service.html">15.2. Generating X.509 self-signed certificates before service start</a></span></dt></dl></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Vala.html"><strong>Prev</strong>Chapter 7. The Vala Programming Language</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Library_Design.html"><strong>Next</strong>Chapter 8. Library Design</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
index 8284d1f..2de2a21 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/pt03.html
@@ -6,4 +6,4 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="14.2. Generating X.509 self-signed certificates before service start" /><link rel="next" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225465981328"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">15. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">15.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">15.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.h
tml">15.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">16. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">16.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">16.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">16.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">16.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-De
fensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">16.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">16.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">16.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">16.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">16.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">16.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div></div><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong>14.2. Generating X.509 self-signed certificates b...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong>Chapter 15. Authentication and Authorization</a></li></ul></body></html>
\ No newline at end of file
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="index.html" title="Defensive Coding" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html" title="15.2. Generating X.509 self-signed certificates before service start" /><link rel="next" href="chap-Defensive_Coding-Authentication.html" title="Chapter 16. Authentication and Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href
="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong></a></li></ul><div class="part" id="idm225450350336"><div class="titlepage"><div><div text-align="center"><h1 class="title">Part III. Implementing Security Features</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="chapter"><a href="chap-Defensive_Coding-Authentication.html">16. Authentication and Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-Authentication.html#sect-Defensive_Coding-Authentication-Server">16.1. Authenticating servers</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Host_based.html">16.2. Host-based authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-UNIX_Domain.h
tml">16.3. UNIX domain socket authentication</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Authentication-Netlink.html">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Defensive_Coding-TLS.html">17. Transport Layer Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls">17.1. Common Pitfalls</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">17.1.1. OpenSSL Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">17.1.2. GNUTLS Pitfalls</a></span></dt><dt><span class="section"><a href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-OpenJDK">17.1.3. OpenJDK Pitfalls</a></span></dt><dt><span class="section"><a href="chap-De
fensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-NSS">17.1.4. NSS Pitfalls</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html">17.2. TLS Clients</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client.html#idm225439762448">17.2.1. Implementation TLS Clients With OpenSSL</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-GNUTLS.html">17.2.2. Implementation TLS Clients With GNUTLS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-OpenJDK.html">17.2.3. Implementing TLS Clients With OpenJDK</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-NSS.html">17.2.4. Implementing TLS Clients With NSS</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-TLS-Client-Python.html">17.2.5. Implementing TLS Clients With Python</a></span></dt></dl></dd></dl></dd></dl></div></div><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html"><strong>Prev</strong>15.2. Generating X.509 self-signed certificates b...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Authentication.html"><strong>Next</strong>Chapter 16. Authentication and Authorization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
index fa4bea8..043dd19 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Host_based.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.2. Host-based authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2. Host-based authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="next" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="15.3. UNIX domain socket authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Host-based authentication</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 16. Authentication and Authorization" /><link rel="prev" href="chap-Defensive_Coding-Authentication.html" title="Chapter 16. Authentication and Authorization" /><link rel="next" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="16.3. UNIX domain socket authentication" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Host_based"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. Host-based authentication</h2></div></div></div><div class="para">
Host-based authentication uses access control lists (ACLs) to accept or deny requests from clients. Thsis authentication method comes in two flavors: IP-based (or, more generally, address-based) and name-based (with the name coming from DNS or <code class="filename">/etc/hosts</code>). IP-based ACLs often use prefix notation to extend access to entire subnets. Name-based ACLs sometimes use wildcards for adding groups of hosts (from entire DNS subtrees). (In the SSH context, host-based authentication means something completely different and is not covered in this section.)
</div><div class="para">
Host-based authentication trust the network and may not offer sufficient granularity, so it has to be considered a weak form of authentication. On the other hand, IP-based authentication can be made extremely robust and can be applied very early in input processing, so it offers an opportunity for significantly reducing the number of potential attackers for many services.
@@ -18,4 +18,4 @@
Similarly, if an address or name is not matched by the list, it should be denied. However, many implementations behave differently, so the actual behavior must be documented properly.
</div><div class="para">
IPv6 addresses can embed IPv4 addresses. There is no universally correct way to deal with this ambiguity. The behavior of the ACL implementation should be documented.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong>Chapter 15. Authentication and Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong>15.3. UNIX domain socket authentication</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Authentication.html"><strong>Prev</strong>Chapter 16. Authentication and Authorization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Next</strong>16.3. UNIX domain socket authentication</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
index 75346fa..33c30c7 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-Netlink.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.4. AF_NETLINK authentication of origin</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.4. AF_NETLINK authentication of origin</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="15.3. UNIX domain socket authentication" /><link rel="next" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 16. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html" title="16.3. UNIX domain socket authentication" /><link rel="next" href="chap-Defensive_Coding-TLS.html" title="Chapter 17. Transport Layer Security" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" h
ref="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-Netlink"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.4. <code class="literal">AF_NETLINK</code> authentication of origin</h2></div></div></div><div class="para">
Netlink messages are used as a high-performance data transfer mechanism between the kernel and the userspace. Traditionally, they are used to exchange information related to the network statck, such as routing table entries.
</div><div class="para">
When processing Netlink messages from the kernel, it is important to check that these messages actually originate from the kernel, by checking that the port ID (or PID) field <code class="literal">nl_pid</code> in the <code class="literal">sockaddr_nl</code> structure is <code class="literal">0</code>. (This structure can be obtained using <code class="function">recvfrom</code> or <code class="function">recvmsg</code>, it is different from the <code class="literal">nlmsghdr</code> structure.) The kernel does not prevent other processes from sending unicast Netlink messages, but the <code class="literal">nl_pid</code> field in the sender's socket address will be non-zero in such cases.
</div><div class="para">
Applications should not use <code class="literal">AF_NETLINK</code> sockets as an IPC mechanism among processes, but prefer UNIX domain sockets for this tasks.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong>15.3. UNIX domain socket authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong>Chapter 16. Transport Layer Security</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-UNIX_Domain.html"><strong>Prev</strong>16.3. UNIX domain socket authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-TLS.html"><strong>Next</strong>Chapter 17. Transport Layer Security</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
index f8fbf4c..17600f8 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Authentication-UNIX_Domain.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.3. UNIX domain socket authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.3. UNIX domain socket authentication</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 15. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Host_based.html" title="15.2. Host-based authentication" /><link rel="next" href="sect-Defensive_Coding-Authentication-Netlink.html" title="15.4. AF_NETLINK authentication of origin" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Authentication.html" title="Chapter 16. Authentication and Authorization" /><link rel="prev" href="sect-Defensive_Coding-Authentication-Host_based.html" title="16.2. Host-based authentication" /><link rel="next" href="sect-Defensive_Coding-Authentication-Netlink.html" title="16.4. AF_NETLINK authentication of origin" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Authentication-UNIX_Domain"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.3. UNIX domain socket authentication</h2></div></div></div><div class="para">
UNIX domain sockets (with address family <code class="literal">AF_UNIX</code> or <code class="literal">AF_LOCAL</code>) are restricted to the local host and offer a special authentication mechanism: credentials passing.
</div><div class="para">
Nowadays, most systems support the <code class="literal">SO_PEERCRED</code> (Linux) or <code class="literal">LOCAL_PEERCRED</code> (FreeBSD) socket options, or the <code class="function">getpeereid</code> (other BSDs, MacOS X). These interfaces provide direct access to the (effective) user ID on the other end of a domain socket connect, without cooperation from the other end.
@@ -14,4 +14,4 @@
Historically, credentials passing was implemented using ancillary data in the <code class="function">sendmsg</code> and <code class="function">recvmsg</code> functions. On some systems, only credentials data that the peer has explicitly sent can be received, and the kernel checks the data for correctness on the sending side. This means that both peers need to deal with ancillary data. Compared to that, the modern interfaces are easier to use. Both sets of interfaces vary considerably among UNIX-like systems, unfortunately.
</div><div class="para">
If you want to authenticate based on supplementary groups, you should obtain the user ID using one of these methods, and look up the list of supplementary groups using <code class="function">getpwuid</code> (or <code class="function">getpwuid_r</code>) and <code class="function">getgrouplist</code>. Using the PID and information from <code class="filename">/proc/PID/status</code> is prone to race conditions and insecure.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong>15.2. Host-based authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong>15.4. AF_NETLINK authentication of origin</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Authentication-Host_based.html"><strong>Prev</strong>16.2. Host-based authentication</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Authentication-Netlink.html"><strong>Next</strong>16.4. AF_NETLINK authentication of origin</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
index aad968a..0c6cee6 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Allocators.html
@@ -6,7 +6,7 @@
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /><link rel="prev" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225470719360"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225470719360">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-C.html" title="Chapter 1. The C Programming Language" /><link rel="prev" href="ch01s02s03s07.html" title="1.2.3.7. Other strn* and stpn* functions" /><link rel="next" href="sect-Defensive_Coding-C-Allocators-alloca.html" title="1.3.2. alloca and other forms of stack-based allocation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="sect-Defensive_Coding-C-Allocators" lang="en-US"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">1.3. Memory allocators</h2></div></div></div><div class="section" id="idm225431847616"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225431847616">1.3.1. <code class="function">malloc</code> and related functions</h3></div></div></div><div class="para">
The C library interfaces for memory allocation are provided by <code class="function">malloc</code>, <code class="function">free</code> and <code class="function">realloc</code>, and the <code class="function">calloc</code> function. In addition to these generic functions, there are derived functions such as <code class="function">strdup</code> which perform allocation using <code class="function">malloc</code> internally, but do not return untyped heap memory (which could be used for any object).
</div><div class="para">
The C compiler knows about these functions and can use their expected behavior for optimizations. For instance, the compiler assumes that an existing pointer (or a pointer derived from an existing pointer by arithmetic) will not point into the memory area returned by <code class="function">malloc</code>.
@@ -16,8 +16,8 @@
After <code class="function">free</code>, the pointer is invalid. Further pointer dereferences are not allowed (and are usually detected by <span class="application"><strong>valgrind</strong></span>). Less obvious is that any <span class="emphasis"><em>use</em></span> of the old pointer value is not allowed, either. In particular, comparisons with any other pointer (or the null pointer) are undefined according to the C standard.
</div><div class="para">
The same rules apply to <code class="function">realloc</code> if the memory area cannot be enlarged in-place. For instance, the compiler may assume that a comparison between the old and new pointer will always return false, so it is impossible to detect movement this way.
- </div></div><div class="section" id="idm225452479120"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225452479120">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225441415456"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225441415456">1.3.1.2. Handling memory allocation errors</h4></div></div></div><div class="para">
Recovering from out-of-memory errors is often difficult or even impossible. In these cases, <code class="function">malloc</code> and other allocation functions return a null pointer. Dereferencing this pointer lead to a crash. Such dereferences can even be exploitable for code execution if the dereference is combined with an array subscript.
</div><div class="para">
- In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 12.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
+ In general, if you cannot check all allocation calls and handle failure, you should abort the program on allocation failure, and not rely on the null pointer dereference to terminate the process. See <a class="xref" href="chap-Defensive_Coding-Tasks-Serialization.html#sect-Defensive_Coding-Tasks-Serialization-Decoders">Section 13.1, “Recommendations for manually written decoders”</a> for related memory allocation concerns.
</div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch01s02s03s07.html"><strong>Prev</strong>1.2.3.7. Other strn* and stpn* functions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-Allocators-alloca.html"><strong>Next</strong>1.3.2. alloca and other forms of stack-based allo...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
index 9ab4e9f..d02b34c 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-C-Avoid.html
@@ -21,15 +21,15 @@
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="function">alloca</code> ⟶ <code class="function">malloc</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">putenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">setenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strdupa</code> ⟶ <code class="function">strdup</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
<code class="function">strndupa</code> ⟶ <code class="function">strndup</code> and <code class="function">free</code> (see <a class="xref" href="sect-Defensive_Coding-C-Allocators-alloca.html">Section 1.3.2, “<code class="function">alloca</code> and other forms of stack-based allocation”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">Section 11.1.2, “Bypassing the shell”</a>)
+ <code class="function">system</code> ⟶ <code class="function">posix_spawn</code> or <code class="function">fork</code>/<code class="function">execve</code>/ (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">Section 12.1.2, “Bypassing the shell”</a>)
</div></li><li class="listitem"><div class="para">
- <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>)
+ <code class="function">unsetenv</code> ⟶ explicit <code class="varname">envp</code> argument in process creation (see <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>)
</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-C-Libc.html"><strong>Prev</strong>1.2. The C standard library</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-C-String-Functions-Length.html"><strong>Next</strong>1.2.3. String Functions With Explicit Length Argu...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Double_Expansion.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Double_Expansion.html
new file mode 100644
index 0000000..801d234
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Double_Expansion.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2.2. Double expansion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Shell-Language.html" title="5.2. Shell language features" /><link rel="prev" href="sect-Defensive_Coding-Shell-Language.html" title="5.2. Shell language features" /><link rel="next" href="sect-Defensive_Coding-Shell-Types.html" title="5.2.2.2. Type declarations" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Language.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Types.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Double_Expansion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.2. Double expansion</h3></div></div></div><div class="para">
+ <span class="emphasis"><em>Double expansion</em></span> occurs when, during the expansion of a shell variable, not just the variable is expanded, replacing it by its value, but the <span class="emphasis"><em>value</em></span> of the variable is itself is expanded as well. This can trigger arbitrary code execution, unless the value of the variable is verified against a restrictive pattern.
+ </div><div class="para">
+ The evaluation process is in fact recursive, so a self-referential expression can cause an out-of-memory condition and a shell crash.
+ </div><div class="para">
+ Double expansion may seem like as a defect, but it is implemented by many shells, and has to be considered an integral part of the shell programming language. However, it does make writing robust shell scripts difficult.
+ </div><div class="para">
+ Double expansion can be requested explicitly with the <code class="literal">eval</code> built-in command, or by invoking a subshell with “<code class="literal">bash -c</code>”. These constructs should not be used.
+ </div><div class="para">
+ The following sections give examples of places where implicit double expansion occurs.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Arithmetic"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">5.2.2.1. Arithmetic evaluation</h4></div></div></div><div class="para">
+ <span class="emphasis"><em>Arithmetic evaluation</em></span> is a process by which the shell computes the integer value of an expression specified as a string. It is highly problematic for two reasons: It triggers double expansion (see <a class="xref" href="sect-Defensive_Coding-Shell-Double_Expansion.html">Section 5.2.2, “Double expansion”</a>), and the language of arithmetic expressions is not self-contained. Some constructs in arithmetic expressions (notably array subscripts) provide a trapdoor from the restricted language of arithmetic expressions to the full shell language, thus paving the way towards arbitrary code execution. Due to double expansion, input which is (indirectly) referenced from an arithmetic expression can trigger execution of arbitrary code, which is potentially harmful.
+ </div><div class="para">
+ Arithmetic evaluation is triggered by the follow constructs:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ The <span class="emphasis"><em>expression</em></span> in “<code class="literal">$((</code><span class="emphasis"><em>expression</em></span><code class="literal">))</code>” is evaluated. This construct is called <span class="emphasis"><em>arithmetic expansion</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ “<code class="literal">$[</code><span class="emphasis"><em>expression</em></span><code class="literal">]</code>” is a deprecated syntax with the same effect.
+ </div></li><li class="listitem"><div class="para">
+ The arguments to the <code class="literal">let</code> shell built-in are evaluated.
+ </div></li><li class="listitem"><div class="para">
+ “<code class="literal">((</code><span class="emphasis"><em>expression</em></span><code class="literal">))</code>” is an alternative syntax for “<code class="literal">let </code><span class="emphasis"><em>expression</em></span>”.
+ </div></li><li class="listitem"><div class="para">
+ Conditional expressions surrounded by “<code class="literal">[[</code>…<code class="literal">]]</code>” can trigger arithmetic evaluation if certain operators such as <code class="literal">-eq</code> are used. (The <code class="literal">test</code> built-in does not perform arithmetic evaluation, even with integer operators such as <code class="literal">-eq</code>.)
+ </div><div class="para">
+ The conditional expression “<code class="literal">[[ $</code><span class="emphasis"><em>variable</em></span><code class="literal"> =~ </code><span class="emphasis"><em>regexp</em></span><code class="literal"> ]]</code>” can be used for input validation, assuming that <span class="emphasis"><em>regexp</em></span> is a constant regular expression. See <a class="xref" href="sect-Defensive_Coding-Shell-Input_Validation.html">Section 5.5, “Performing input validation”</a>.
+ </div></li><li class="listitem"><div class="para">
+ Certain parameter expansions, for example “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">[</code><span class="emphasis"><em>expression</em></span><code class="literal">]}</code>” (array indexing) or “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">:</code><span class="emphasis"><em>expression</em></span><code class="literal">}</code>” (string slicing), trigger arithmetic evaluation of <span class="emphasis"><em>expression</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ Assignment to array elements using “<span class="emphasis"><em>array_variable</em></span><code class="literal">[</code><span class="emphasis"><em>subscript</em></span><code class="literal">]=</code><span class="emphasis"><em>expression</em></span>” triggers evaluation of <span class="emphasis"><em>subscript</em></span>, but not <span class="emphasis"><em>expression</em></span>.
+ </div></li><li class="listitem"><div class="para">
+ The expressions in the arithmetic <code class="literal">for</code> command, “<code class="literal">for ((</code><span class="emphasis"><em>expression1</em></span><code class="literal">; </code><span class="emphasis"><em>expression2</em></span><code class="literal">; </code><span class="emphasis"><em>expression3</em></span><code class="literal">)); do </code><span class="emphasis"><em>commands</em></span><code class="literal">; done</code>” are evaluated. This does not apply to the regular for command, “<code class="literal">for </code><span class="emphasis"><em>variable</em></span><code class="literal"> in </code><span class="emphasis"><em>list</em></span><code class="literal">; do </code><span class="emphasis"><em>commands</em></span><code class="literal">; done</code>”.
+ </div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Depending on the <span class="application"><strong>bash</strong></span> version, the above list may be incomplete.
+ </div><div class="para">
+ If faced with a situation where using such shell features appears necessary, see <a class="xref" href="chap-Defensive_Coding-Shell.html#sect-Defensive_Coding-Shell-Alternatives">Section 5.1, “Consider alternatives”</a>.
+ </div></div></div><div class="para">
+ If it is impossible to avoid shell arithmetic on untrusted inputs, refer to <a class="xref" href="sect-Defensive_Coding-Shell-Input_Validation.html">Section 5.5, “Performing input validation”</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Language.html"><strong>Prev</strong>5.2. Shell language features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Types.html"><strong>Next</strong>5.2.2.2. Type declarations</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Edit_Guard.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Edit_Guard.html
new file mode 100644
index 0000000..deaa12b
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Edit_Guard.html
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.6. Guarding shell scripts against changes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="prev" href="sect-Defensive_Coding-Shell-Input_Validation.html" title="5.5. Performing input validation" /><link rel="next" href="chap-Defensive_Coding-Go.html" title="Chapter 6. The Go Programming Language" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding
-Shell-Input_Validation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Edit_Guard"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.6. Guarding shell scripts against changes</h2></div></div></div><div class="para">
+ <span class="application"><strong>bash</strong></span> only reads a shell script up to the point it is needed for executed the next command. This means that if script is overwritten while it is running, execution can jump to a random part of the script, depending on what is modified in the script and how the file offsets change as a result. (This behavior is needed to support self-extracting shell archives whose script part is followed by a stream of bytes which does not follow the shell language syntax.)
+ </div><div class="para">
+ Therefore, long-running scripts should be guarded against concurrent modification by putting as much of the program logic into a <code class="literal">main</code> function, and invoking the <code class="literal">main</code> function at the end of the script, using this syntax:
+ </div><div class="informalexample"><pre class="programlisting">
+main <span class="perl_String">"</span><span class="perl_Others">$@</span><span class="perl_String">"</span> ; <span class="perl_Reserved">exit</span> <span class="perl_Others">$?</span>
+</pre></div><div class="para">
+ This construct ensures that <span class="application"><strong>bash</strong></span> will stop execution after the <code class="literal">main</code> function, instead of opening the script file and trying to read more commands.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Input_Validation.html"><strong>Prev</strong>5.5. Performing input validation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Go.html"><strong>Next</strong>Chapter 6. The Go Programming Language</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Input_Validation.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Input_Validation.html
new file mode 100644
index 0000000..96e71dc
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Input_Validation.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.5. Performing input validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="prev" href="sect-Defensive_Coding-Shell-Temporary_Files.html" title="5.4. Temporary files" /><link rel="next" href="sect-Defensive_Coding-Shell-Edit_Guard.html" title="5.6. Guarding shell scripts against changes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_C
oding-Shell-Temporary_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Edit_Guard.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Input_Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.5. Performing input validation</h2></div></div></div><div class="para">
+ In some cases, input validation cannot be avoided. For example, if arithmetic evaluation is absolutely required, it is imperative to check that input values are, in fact, integers. See <a class="xref" href="sect-Defensive_Coding-Shell-Double_Expansion.html#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div><div class="para">
+ <a class="xref" href="sect-Defensive_Coding-Shell-Input_Validation.html#ex-Defensive_Coding-Shell-Input_Validation">Example 5.2, “Input validation in <span class="application">bash</span>”</a> shows a construct which can be used to check if a string “<code class="literal">$value</code>” is an integer. This construct is specific to <span class="application"><strong>bash</strong></span> and not portable to POSIX shells.
+ </div><div class="example" id="ex-Defensive_Coding-Shell-Input_Validation"><h6>Example 5.2. Input validation in <span class="application">bash</span></h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+<span class="perl_Keyword">if [[</span> <span class="perl_Others">$value</span> =~ ^-?[0-9]+$<span class="perl_Keyword"> ]]</span> ; <span class="perl_Keyword">then</span>
+ <span class="perl_Reserved">echo</span> value is an integer
+<span class="perl_Keyword">else</span>
+ <span class="perl_Reserved">echo</span> <span class="perl_String">"value is not an integer"</span> <span class="perl_Operator">1>&2</span>
+ <span class="perl_Reserved">exit</span> 1
+<span class="perl_Keyword">fi</span>
+</pre></div></div><br class="example-break" /><div class="para">
+ Using <code class="literal">case</code> statements for input validation is also possible and supported by other (POSIX) shells, but the pattern language is more restrictive, and it can be difficult to write suitable patterns.
+ </div><div class="para">
+ The <code class="literal">expr</code> external command can give misleading results (e.g., if the value being checked contains operators itself) and should not be used.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Temporary_Files.html"><strong>Prev</strong>5.4. Temporary files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Edit_Guard.html"><strong>Next</strong>5.6. Guarding shell scripts against changes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Invoke.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Invoke.html
new file mode 100644
index 0000000..db93fe8
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Invoke.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Invoking external commands</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="prev" href="sect-Defensive_Coding-Shell-Obscure.html" title="5.2.3. Other obscurities" /><link rel="next" href="sect-Defensive_Coding-Shell-Temporary_Files.html" title="5.4. Temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Obscure.ht
ml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Temporary_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Invoke"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.3. Invoking external commands</h2></div></div></div><div class="para">
+ When passing shell variables as single command line arguments, they should always be surrounded by double quotes. See <a class="xref" href="sect-Defensive_Coding-Shell-Language.html#sect-Defensive_Coding-Shell-Parameter_Expansion">Section 5.2.1, “Parameter expansion”</a>.
+ </div><div class="para">
+ Care is required when passing untrusted values as positional parameters to external commands. If the value starts with a hyphen “<code class="literal">-</code>”, it may be interpreted by the external command as an option. Depending on the external program, a “<code class="literal">--</code>” argument stops option processing and treats all following arguments as positional parameters. (Double quotes are completely invisible to the command being invoked, so they do not prevent variable values from being interpreted as options.)
+ </div><div class="para">
+ Cleaning the environment before invoking child processes is difficult to implement in script. <span class="application"><strong>bash</strong></span> keeps a hidden list of environment variables which do not correspond to shell variables, and unsetting them from within a <span class="application"><strong>bash</strong></span> script is not possible. To reset the environment, a script can re-run itself under the “<code class="literal">env -i</code>” command with an additional parameter which indicates the environment has been cleared and suppresses a further self-execution. Alternatively, individual commands can be executed with “<code class="literal">env -i</code>”.
+ </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
+ Completely isolation from its original execution environment (which is required when the script is executed after a trust transition, e.g., triggered by the SUID mechanism) is impossible to achieve from within the shell script itself. Instead, the invoking process has to clear the process environment (except for few trusted variables) before running the shell script.
+ </div></div></div><div class="para">
+ Checking for failures in executed external commands is recommended. If no elaborate error recovery is needed, invoking “<code class="literal">set -e</code>” may be sufficient. This causes the script to stop on the first failed command. However, failures in pipes (“<code class="literal">command1 | command2</code>”) are only detected for the last command in the pipe, errors in previous commands are ignored. This can be changed by invoking “<code class="literal">set -o pipefail</code>”. Due to architectural limitations, only the process that spawned the entire pipe can check for failures in individual commands; it is not possible for a process to tell if the process feeding data (or the process consuming data) exited normally or with an error.
+ </div><div class="para">
+ See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">Section 12.1, “Safe process creation”</a> for additional details on creating child processes.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Obscure.html"><strong>Prev</strong>5.2.3. Other obscurities</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Temporary_Files.html"><strong>Next</strong>5.4. Temporary files</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Language.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Language.html
new file mode 100644
index 0000000..7deb066
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Language.html
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Shell language features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="prev" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="next" href="sect-Defensive_Coding-Shell-Double_Expansion.html" title="5.2.2. Double expansion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Shell.
html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Double_Expansion.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Language"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.2. Shell language features</h2></div></div></div><div class="para">
+ The following sections cover subtleties concerning the shell programming languages. They have been written with the <span class="application"><strong>bash</strong></span> shell in mind, but some of these features apply to other shells as well.
+ </div><div class="para">
+ Some of the features described may seem like implementation defects, but these features have been replicated across multiple independent implementations, so they now have to be considered part of the shell programming language.
+ </div><div class="section" id="sect-Defensive_Coding-Shell-Parameter_Expansion"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.1. Parameter expansion</h3></div></div></div><div class="para">
+ The mechanism by which named shell variables and parameters are expanded is called <span class="emphasis"><em>parameter expansion</em></span>. The most basic syntax is “<code class="literal">$</code><span class="emphasis"><em>variable</em></span>” or “<code class="literal">${</code><span class="emphasis"><em>variable</em></span><code class="literal">}</code>”.
+ </div><div class="para">
+ In almost all cases, a parameter expansion should be enclosed in double quotation marks <code class="literal">"</code>…<code class="literal">"</code>.
+ </div><div class="informalexample"><pre class="programlisting">
+external-program <span class="perl_String">"</span><span class="perl_Others">$arg1</span><span class="perl_String">"</span> <span class="perl_String">"</span><span class="perl_Others">$arg2</span><span class="perl_String">"</span>
+</pre></div><div class="para">
+ If the double quotation marks are omitted, the value of the variable will be split according to the current value of the <code class="envar">IFS</code> variable. This may allow the injection of additional options which are then processed by <code class="literal">external-program</code>.
+ </div><div class="para">
+ Parameter expansion can use special syntax for specific features, such as substituting defaults or performing string or array operations. These constructs should not be used because they can trigger arithmetic evaluation, which can result in code execution. See <a class="xref" href="sect-Defensive_Coding-Shell-Double_Expansion.html#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Shell.html"><strong>Prev</strong>Chapter 5. Shell Programming and bash</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Double_Expansion.html"><strong>Next</strong>5.2.2. Double expansion</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Obscure.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Obscure.html
new file mode 100644
index 0000000..8643478
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Obscure.html
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2.3. Other obscurities</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Shell-Language.html" title="5.2. Shell language features" /><link rel="prev" href="sect-Defensive_Coding-Shell-Types.html" title="5.2.2.2. Type declarations" /><link rel="next" href="sect-Defensive_Coding-Shell-Invoke.html" title="5.3. Invoking external commands" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Types.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Invoke.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Obscure"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">5.2.3. Other obscurities</h3></div></div></div><div class="para">
+ Obscure shell language features should not be used. Examples are:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Exported functions (<code class="literal">export -f</code> or <code class="literal">declare -f</code>).
+ </div></li><li class="listitem"><div class="para">
+ Function names which are not valid variable names, such as “<code class="literal">module::function</code>”.
+ </div></li><li class="listitem"><div class="para">
+ The possibility to override built-ins or external commands with shell functions.
+ </div></li><li class="listitem"><div class="para">
+ Changing the value of the <code class="envar">IFS</code> variable to tokenize strings.
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Types.html"><strong>Prev</strong>5.2.2.2. Type declarations</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Invoke.html"><strong>Next</strong>5.3. Invoking external commands</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Temporary_Files.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Temporary_Files.html
new file mode 100644
index 0000000..21afb22
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Temporary_Files.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.4. Temporary files</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Shell.html" title="Chapter 5. Shell Programming and bash" /><link rel="prev" href="sect-Defensive_Coding-Shell-Invoke.html" title="5.3. Invoking external commands" /><link rel="next" href="sect-Defensive_Coding-Shell-Input_Validation.html" title="5.5. Performing input validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Codi
ng-Shell-Invoke.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Input_Validation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Temporary_Files"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">5.4. Temporary files</h2></div></div></div><div class="para">
+ Temporary files should be created with the <code class="literal">mktemp</code> command, and temporary directories with “<code class="literal">mktemp -d</code>”.
+ </div><div class="para">
+ To clean up temporary files and directories, write a clean-up shell function and register it as a trap handler, as shown in <a class="xref" href="sect-Defensive_Coding-Shell-Temporary_Files.html#ex-Defensive_Coding-Tasks-Temporary_Files">Example 5.1, “Creating and cleaning up temporary files”</a>. Using a separate function avoids issues with proper quoting of variables.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Temporary_Files"><h6>Example 5.1. Creating and cleaning up temporary files</h6><div class="example-contents"><div class="informalexample"><pre class="programlisting">
+<span class="perl_Others">tmpfile=</span><span class="perl_String">"</span><span class="perl_Others">$(</span><span class="perl_BString">mktemp</span><span class="perl_Others">)</span><span class="perl_String">"</span>
+
+<span class="perl_Char">cleanup ()</span> <span class="perl_Keyword">{</span>
+ <span class="perl_BString">rm</span> -f -- <span class="perl_String">"</span><span class="perl_Others">$tmpfile</span><span class="perl_String">"</span>
+<span class="perl_Keyword">}</span>
+
+<span class="perl_Reserved">trap</span> cleanup 0
+</pre></div></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Invoke.html"><strong>Prev</strong>5.3. Invoking external commands</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Input_Validation.html"><strong>Next</strong>5.5. Performing input validation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Types.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Types.html
new file mode 100644
index 0000000..56bb52d
--- /dev/null
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Types.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2.2.2. Type declarations</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora_Security_Team');
+
+ addID('Fedora_Security_Team.1');
+
+ addID('Fedora_Security_Team.1.books');
+ addID('Fedora_Security_Team.1.Defensive_Coding');
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Shell-Double_Expansion.html" title="5.2.2. Double expansion" /><link rel="prev" href="sect-Defensive_Coding-Shell-Double_Expansion.html" title="5.2.2. Double expansion" /><link rel="next" href="sect-Defensive_Coding-Shell-Obscure.html" title="5.2.3. Other obscurities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Doub
le_Expansion.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Obscure.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Shell-Types"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">5.2.2.2. Type declarations</h4></div></div></div><div class="para">
+ <span class="application"><strong>bash</strong></span> supports explicit type declarations for shell variables:
+ </div><div class="informalexample"><pre class="programlisting">
+ <span class="perl_Reserved">declare</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">declare</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">declare</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">typeset</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">typeset</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">typeset</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">local</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">local</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">local</span> -A <span class="perl_Others">assoc_array_variable</span>
+
+ <span class="perl_Reserved">readonly</span> -i <span class="perl_Others">integer_variable</span>
+ <span class="perl_Reserved">readonly</span> -a <span class="perl_Others">array_variable</span>
+ <span class="perl_Reserved">readonly</span> -A <span class="perl_Others">assoc_array_variable</span>
+</pre></div><div class="para">
+ Variables can also be declared as arrays by assigning them an array expression, as in:
+ </div><div class="informalexample"><pre class="programlisting">
+<span class="perl_Others">array_variable=(</span>1 2 3 4<span class="perl_Others">)</span>
+</pre></div><div class="para">
+ Some built-ins (such as <code class="literal">mapfile</code>) can implicitly create array variables.
+ </div><div class="para">
+ Such type declarations should not be used because assignment to such variables (independent of the concrete syntax used for the assignment) triggers arithmetic expansion (and thus double expansion) of the right-hand side of the assignment operation. See <a class="xref" href="sect-Defensive_Coding-Shell-Double_Expansion.html#sect-Defensive_Coding-Shell-Arithmetic">Section 5.2.2.1, “Arithmetic evaluation”</a>.
+ </div><div class="para">
+ Shell scripts which use integer or array variables should be rewritten in another, more suitable language. Se <a class="xref" href="chap-Defensive_Coding-Shell.html#sect-Defensive_Coding-Shell-Alternatives">Section 5.1, “Consider alternatives”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Shell-Double_Expansion.html"><strong>Prev</strong>5.2.2. Double expansion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Shell-Obscure.html"><strong>Next</strong>5.2.3. Other obscurities</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
index b185d78..8e6ab04 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-GNUTLS.html
@@ -1,22 +1,22 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.2. Implementation TLS Clients With GNUTLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>17.2.2. Implementation TLS Clients With GNUTLS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="16.2.3. Implementing TLS Clients With OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="17.2.3. Implementing TLS Clients With OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-GNUTLS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.2. Implementation TLS Clients With GNUTLS</h3></div></div></div><div class="para">
This section describes how to implement a TLS client with full certificate validation (but without certificate revocation checking). Note that the error handling in is only exploratory and needs to be replaced before production use.
</div><div class="para">
The GNUTLS library needs explicit initialization:
</div><div class="informalexample" id="ex-Defensive_Coding-TLS-GNUTLS-Init"><pre xml:lang="en-US" class="programlisting" lang="en-US">
gnutls_global_init();
</pre></div><div class="para">
- Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 16.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
+ Failing to do so can result in obscure failures in Base64 decoding. See <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-Pitfalls-GNUTLS">Section 17.1.2, “GNUTLS Pitfalls”</a> for additional aspects of initialization.
</div><div class="para">
- Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 16.9, “Initializing a GNUTLS credentials structure”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 16.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Before setting up TLS connections, a credentials objects has to be allocated and initialized with the set of trusted root CAs (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials">Example 17.9, “Initializing a GNUTLS credentials structure”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Credentials"><h6>Example 17.9. Initializing a GNUTLS credentials structure</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Load the trusted CA certificates.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_certificate_credentials_t cred = NULL;
<span class="perl_DataType">int</span> ret = gnutls_certificate_allocate_credentials (&cred);
@@ -47,8 +47,8 @@ gnutls_certificate_free_credentials(cred);
</pre></div><div class="para">
During its lifetime, the credentials object can be used to initialize TLS session objects from multiple threads, provided that it is not changed.
</div><div class="para">
- Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 16.10, “Establishing a TLS client connection using GNUTLS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 16.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Once the TCP connection has been established, the Nagle algorithm should be disabled (see <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 17.1, “Deactivating the TCP Nagle algorithm”</a>). After that, the socket can be associated with a new GNUTLS session object. The previously allocated credentials object provides the set of root CAs. The <code class="literal">NORMAL</code> set of cipher suites and protocols provides a reasonable default. Then the TLS handshake must be initiated. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Connect">Example 17.10, “Establishing a TLS client connection using GNUTLS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Connect"><h6>Example 17.10. Establishing a TLS client connection using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_session_t session;
ret = gnutls_init(&session, GNUTLS_CLIENT);
@@ -94,8 +94,8 @@ ret = gnutls_server_name_set(session, GNUTLS_NAME_DNS,
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 16.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 16.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the handshake has been completed, the server certificate needs to be verified (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Verify">Example 17.11, “Verifying a server certificate using GNUTLS”</a>). In the example, the user-defined <code class="function">certificate_validity_override</code> function is called if the verification fails, so that a separate, user-specific trust store can be checked. This function call can be omitted if the functionality is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Verify"><h6>Example 17.11. Verifying a server certificate using GNUTLS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Obtain the server certificate chain. The server certificate</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// itself is stored in the first element of the array.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">unsigned</span> certslen = 0;
@@ -133,8 +133,8 @@ ret = gnutls_certificate_verify_peers2(session, &status);
}
}
</pre></div></div><br class="example-break" /><div class="para">
- In the next step (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 16.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 16.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the next step (<a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-Client-GNUTLS-Match">Example 17.12, “Matching the server host name and certificate in a GNUTLS client”</a>, the certificate must be matched against the host name (note the unusual return value from <code class="function">gnutls_x509_crt_check_hostname</code>). Again, an override function <code class="function">certificate_host_name_override</code> is called. Note that the override must be keyed to the certificate <span class="emphasis"><em>and</em></span> the host name. The function call can be omitted if the override is not needed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-GNUTLS-Match"><h6>Example 17.12. Matching the server host name and certificate in a GNUTLS client</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Match the peer certificate against the host name.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// We can only obtain a set of DER-encoded certificates from the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// session object, so we have to re-parse the peer certificate into</span><span class="perl_Comment"></span>
@@ -162,8 +162,8 @@ gnutls_x509_crt_deinit(cert);
</pre></div></div><br class="example-break" /><div class="para">
In newer GNUTLS versions, certificate checking and host name validation can be combined using the <code class="function">gnutls_certificate_verify_peers3</code> function.
</div><div class="para">
- An established TLS session can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 16.13, “Using a GNUTLS session”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 16.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ An established TLS session can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Use">Example 17.13, “Using a GNUTLS session”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Use"><h6>Example 17.13. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
ret = gnutls_record_send(session, buf, strlen(buf));
@@ -177,8 +177,8 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 16.14, “Using a GNUTLS session”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 16.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In order to shut down a connection in an orderly manner, you should call the <code class="function">gnutls_bye</code> function. Finally, the session object can be deallocated using <code class="function">gnutls_deinit</code> (see <a class="xref" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html#ex-Defensive_Coding-TLS-GNUTLS-Disconnect">Example 17.14, “Using a GNUTLS session”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-GNUTLS-Disconnect"><h6>Example 17.14. Using a GNUTLS session</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Initiate an orderly connection shutdown.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
<span class="perl_Keyword">if</span> (ret < 0) {
@@ -187,4 +187,4 @@ ret = gnutls_record_recv(session, buf, <span class="perl_Keyword">sizeof</span>(
}
<span class="perl_Comment">// Free the session object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>gnutls_deinit(session);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><strong>Prev</strong>16.2. TLS Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong>16.2.3. Implementing TLS Clients With OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client.html"><strong>Prev</strong>17.2. TLS Clients</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Next</strong>17.2.3. Implementing TLS Clients With OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
index e50b019..a13e22e 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-NSS.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.4. Implementing TLS Clients With NSS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>17.2.4. Implementing TLS Clients With NSS</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="16.2.3. Implementing TLS Clients With OpenJDK" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-Python.html" title="16.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html" title="17.2.3. Implementing TLS Clients With OpenJDK" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-Python.html" title="17.2.5. Implementing TLS Clients With Python" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-NSS"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.4. Implementing TLS Clients With NSS</h3></div></div></div><div class="para">
The following code shows how to implement a simple TLS client using NSS. These instructions apply to NSS version 3.14 and later. Versions before 3.14 need different initialization code.
</div><div class="para">
Keep in mind that the error handling needs to be improved before the code can be used in production.
</div><div class="para">
- Using NSS needs several header files, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Includes">Example 16.21, “Include files for NSS”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 16.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Using NSS needs several header files, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Includes">Example 17.21, “Include files for NSS”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Includes"><h6>Example 17.21. Include files for NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// NSPR include files</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Others">#include <prerror.h></span><span class="perl_Others"></span>
<span class="perl_Others"></span><span class="perl_Others">#include <prinit.h></span><span class="perl_Others"></span>
@@ -28,10 +28,10 @@
<span class="perl_Comment"></span><span class="perl_Comment">// NSPR handle.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>NSPR_API(PRFileDesc*) PR_ImportTCPSocket(<span class="perl_DataType">int</span>);
</pre></div></div><br class="example-break" /><div class="para">
- Initializing the NSS library is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Init">Example 16.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
+ Initializing the NSS library is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Init">Example 17.22, “Initializing the NSS library”</a>. This initialization procedure overrides global state. We only call <code class="function">NSS_SetDomesticPolicy</code> if there are no strong ciphers available, assuming that it has already been called otherwise. This avoids overriding the process-wide cipher suite policy unnecessarily.
</div><div class="para">
The simplest way to configured the trusted root certificates involves loading the <code class="filename">libnssckbi.so</code> NSS module with a call to the <code class="function">SECMOD_LoadUserModule</code> function. The root certificates are compiled into this module. (The PEM module for NSS, <code class="filename">libnsspem.so</code>, offers a way to load trusted CA certificates from a file.)
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 16.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Init"><h6>Example 17.22. Initializing the NSS library</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
NSSInitContext *<span class="perl_DataType">const</span> ctx =
NSS_InitContext(<span class="perl_String">"sql:/etc/pki/nssdb"</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, <span class="perl_String">""</span>, NULL,
@@ -95,12 +95,12 @@ SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
SECMOD_DestroyModule(module);
NSS_ShutdownContext(ctx);
</pre></div><div class="para">
- After NSS has been initialized, the TLS connection can be created (<a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 16.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
+ After NSS has been initialized, the TLS connection can be created (<a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Connect">Example 17.23, “Creating a TLS connection with NSS”</a>). The internal <code class="function">PR_ImportTCPSocket</code> function is used to turn the POSIX file descriptor <code class="literal">sockfd</code> into an NSPR file descriptor. (This function is de-facto part of the NSS public ABI, so it will not go away.) Creating the TLS-capable file descriptor requires a <span class="emphasis"><em>model</em></span> descriptor, which is configured with the desired set of protocols. The model descriptor is not needed anymore after TLS support has been activated for the existing connection descriptor.
</div><div class="para">
The call to <code class="function">SSL_BadCertHook</code> can be omitted if no mechanism to override certificate verification is needed. The <code class="literal">bad_certificate</code> function must check both the host name specified for the connection and the certificate before granting the override.
</div><div class="para">
Triggering the actual handshake requires three function calls, <code class="function">SSL_ResetHandshake</code>, <code class="function">SSL_SetURL</code>, and <code class="function">SSL_ForceHandshake</code>. (If <code class="function">SSL_ResetHandshake</code> is omitted, <code class="function">SSL_ForceHandshake</code> will succeed, but the data will not be encrypted.) During the handshake, the certificate is verified and matched against the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 16.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Connect"><h6>Example 17.23. Creating a TLS connection with NSS</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Wrap the POSIX file descriptor. This is an internal NSPR</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// function, but it is very unlikely to change.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);
@@ -176,8 +176,8 @@ sockfd = <span class="perl_DecVal">-1</span>; <span class="perl_Comment">// Has
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- After the connection has been established, <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Use">Example 16.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
- </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 16.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After the connection has been established, <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-NSS-Use">Example 17.24, “Using NSS for sending and receiving data”</a> shows how to use the NSPR descriptor to communicate with the server.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-NSS-Use"><h6>Example 17.24. Using NSS for sending and receiving data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">char</span> buf[4096];
snprintf(buf, <span class="perl_Keyword">sizeof</span>(buf), <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n</span><span class="perl_String">Host: %s</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>, host);
PRInt32 ret = PR_Write(nspr, buf, strlen(buf));
@@ -195,8 +195,8 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
exit(<span class="perl_Float">1</span>);
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 16.25, “Closing NSS client connections”</a> shows how to close the connection.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 16.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client-NSS.html#ex-Defensive_Coding-TLS-Client-NSS-Close">Example 17.25, “Closing NSS client connections”</a> shows how to close the connection.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-NSS-Close"><h6>Example 17.25. Closing NSS client connections</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Keyword">if</span> (PR_Shutdown(nspr, PR_SHUTDOWN_BOTH) != PR_SUCCESS) {
<span class="perl_DataType">const</span> PRErrorCode err = PR_GetError();
@@ -206,4 +206,4 @@ ret = PR_Read(nspr, buf, <span class="perl_Keyword">sizeof</span>(buf));
}
<span class="perl_Comment">// Closes the underlying POSIX file descriptor, too.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>PR_Close(nspr);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong>16.2.3. Implementing TLS Clients With OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong>16.2.5. Implementing TLS Clients With Python</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html"><strong>Prev</strong>17.2.3. Implementing TLS Clients With OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-Python.html"><strong>Next</strong>17.2.5. Implementing TLS Clients With Python</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
index f5aaf15..5a33db4 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-OpenJDK.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.3. Implementing TLS Clients With OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>17.2.3. Implementing TLS Clients With OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="16.2.2. Implementation TLS Clients With GNUTLS" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="16.2.4. Implementing TLS Clients With NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="17.2.2. Implementation TLS Clients With GNUTLS" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="17.2.4. Implementing TLS Clients With NSS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive
_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-OpenJDK"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.3. Implementing TLS Clients With OpenJDK</h3></div></div></div><div class="para">
The examples below use the following cryptographic-related classes:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> java.security.NoSuchAlgorithmException;
@@ -24,8 +24,8 @@
</pre></div><div class="para">
If compatibility with OpenJDK 6 is required, it is necessary to use the internal class <code class="literal">sun.security.util.HostnameChecker</code>. (The public OpenJDK API does not provide any support for dissecting the subject distinguished name of an X.509 certificate, so a custom-written DER parser is needed—or we have to use an internal class, which we do below.) In OpenJDK 7, the <code class="function">setEndpointIdentificationAlgorithm</code> method was added to the <code class="literal">javax.net.ssl.SSLParameters</code> class, providing an official way to implement host name checking.
</div><div class="para">
- TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 16.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 16.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ TLS connections are established using an <code class="literal">SSLContext</code> instance. With a properly configured OpenJDK installation, the <code class="literal">SunJSSE</code> provider uses the system-wide set of trusted root certificate authorities, so no further configuration is necessary. For backwards compatibility with OpenJDK 6, the <code class="literal">TLSv1</code> provider has to be supported as a fall-back option. This is shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Context">Example 17.15, “Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Context"><h6>Example 17.15. Setting up an <code class="literal">SSLContext</code> for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the context. Specify the SunJSSE provider to avoid</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// picking up third-party providers. Try the TLS 1.2 provider</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// first, then fall back to TLS 1.0.</span><span class="perl_Comment"></span>
@@ -47,8 +47,8 @@
}
ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>, <span class="perl_Keyword">null</span>);
</pre></div></div><br class="example-break" /><div class="para">
- In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 16.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 16.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In addition to the context, a TLS parameter object will be needed which adjusts the cipher suites and protocols (<a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-OpenJDK-Parameters">Example 17.16, “Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK”</a>). Like the context, these parameters can be reused for multiple TLS connections.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenJDK-Parameters"><h6>Example 17.16. Setting up <code class="literal">SSLParameters</code> for TLS use with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Prepare TLS parameters. These have to applied to every TLS</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// socket before the handshake is triggered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLParameters params = ctx.<span class="perl_Function">getDefaultSSLParameters</span>();
@@ -77,8 +77,8 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div><div class="para">
All application protocols can use the <code class="literal">"HTTPS"</code> algorithm. (The algorithms have minor differences with regard to wildcard handling, which should not matter in practice.)
</div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 16.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 16.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Connect">Example 17.17, “Establishing a TLS connection with OpenJDK”</a> shows how to establish the connection. Before the handshake is initialized, the protocol and cipher configuration has to be performed, by applying the parameter object <code class="literal">params</code>. (After this point, changes to <code class="literal">params</code> will not affect this TLS socket.) As mentioned initially, host name checking requires using an internal API on OpenJDK 6.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Connect"><h6>Example 17.17. Establishing a TLS connection with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the socket and connect it at the TCP layer.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSLSocket socket = (SSLSocket) ctx.<span class="perl_Function">getSocketFactory</span>()
.<span class="perl_Function">createSocket</span>(host, port);
@@ -102,18 +102,18 @@ params.<span class="perl_Function">setEndpointIdentificationAlgorithm</span>(<sp
</pre></div></div><br class="example-break" /><div class="para">
Starting with OpenJDK 7, the last lines can be omitted, provided that host name verification has been enabled by calling the <code class="function">setEndpointIdentificationAlgorithm</code> method on the <code class="literal">params</code> object (before it was applied to the socket).
</div><div class="para">
- The TLS socket can be used as a regular socket, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 16.18, “Using a TLS client socket in OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 16.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The TLS socket can be used as a regular socket, as shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-OpenJDK-Use">Example 17.18, “Using a TLS client socket in OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenJDK-Use"><h6>Example 17.18. Using a TLS client socket in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
socket.<span class="perl_Function">getOutputStream</span>().<span class="perl_Function">write</span>(<span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>
.<span class="perl_Function">getBytes</span>(Charset.<span class="perl_Function">forName</span>(<span class="perl_String">"UTF-8"</span>)));
<span class="perl_DataType">byte</span>[] buffer = <span class="perl_Keyword">new</span> <span class="perl_DataType">byte</span>[<span class="perl_Float">4096</span>];
<span class="perl_DataType">int</span> count = socket.<span class="perl_Function">getInputStream</span>().<span class="perl_Function">read</span>(buffer);
System.<span class="perl_Function">out</span>.<span class="perl_Function">write</span>(buffer, <span class="perl_Float">0</span>, count);
-</pre></div></div><br class="example-break" /><div class="section" id="idm225459110736"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225459110736">16.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
+</pre></div></div><br class="example-break" /><div class="section" id="idm225434484544"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title" id="idm225434484544">17.2.3.1. Overriding server certificate validation with OpenJDK 6</h4></div></div></div><div class="para">
Overriding certificate validation requires a custom trust manager. With OpenJDK 6, the trust manager lacks information about the TLS session, and to which server the connection is made. Certificate overrides have to be tied to specific servers (host names). Consequently, different <code class="literal">TrustManager</code> and <code class="literal">SSLContext</code> objects have to be used for different servers.
</div><div class="para">
- In the trust manager shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 16.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 16.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ In the trust manager shown in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-MyTrustManager">Example 17.19, “A customer trust manager for OpenJDK TLS clients”</a>, the server certificate is identified by its SHA-256 hash.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-MyTrustManager"><h6>Example 17.19. A customer trust manager for OpenJDK TLS clients</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">public</span> <span class="perl_Keyword">class</span> MyTrustManager <span class="perl_Keyword">implements</span> X509TrustManager {
<span class="perl_Keyword">private</span> <span class="perl_DataType">final</span> <span class="perl_DataType">byte</span>[] certHash;
@@ -147,8 +147,8 @@ System.<span class="perl_Function">out</span>.<span class="perl_Function">write<
}
}
</pre></div></div><br class="example-break" /><div class="para">
- This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 16.20, “Using a custom TLS trust manager with OpenJDK”</a>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 16.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This trust manager has to be passed to the <code class="literal">init</code> method of the <code class="literal">SSLContext</code> object, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client-OpenJDK.html#ex-Defensive_Coding-TLS-Client-Context_For_Cert">Example 17.20, “Using a custom TLS trust manager with OpenJDK”</a>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Context_For_Cert"><h6>Example 17.20. Using a custom TLS trust manager with OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSLContext ctx;
<span class="perl_Keyword">try</span> {
ctx = SSLContext.<span class="perl_Function">getInstance</span>(<span class="perl_String">"TLSv1.2"</span>, <span class="perl_String">"SunJSSE"</span>);
@@ -169,4 +169,4 @@ ctx.<span class="perl_Function">init</span>(<span class="perl_Keyword">null</spa
When certificate overrides are in place, host name verification should not be performed because there is no security requirement that the host name in the certificate matches the host name used to establish the connection (and it often will not). However, without host name verification, it is not possible to perform transparent fallback to certification validation using the system certificate store.
</div><div class="para">
The approach described above works with OpenJDK 6 and later versions. Starting with OpenJDK 7, it is possible to use a custom subclass of the <code class="literal">javax.net.ssl.X509ExtendedTrustManager</code> class. The OpenJDK TLS implementation will call the new methods, passing along TLS session information. This can be used to implement certificate overrides as a fallback (if certificate or host name verification fails), and a trust manager object can be used for multiple servers because the server address is available to the trust manager.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong>16.2.2. Implementation TLS Clients With GNUTLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong>16.2.4. Implementing TLS Clients With NSS</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Prev</strong>17.2.2. Implementation TLS Clients With GNUTLS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Next</strong>17.2.4. Implementing TLS Clients With NSS</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
index 52f96a2..86bc3cf 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client-Python.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2.5. Implementing TLS Clients With Python</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>17.2.5. Implementing TLS Clients With Python</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="16.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="16.2.4. Implementing TLS Clients With NSS" /><link rel="next" href="appe-Defensive_Coding-Revision_History.html" title="Appendix A. Revision History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client
-NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">16.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
- The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">Section 16.1.1, “OpenSSL Pitfalls”</a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-TLS-Client.html" title="17.2. TLS Clients" /><link rel="prev" href="sect-Defensive_Coding-TLS-Client-NSS.html" title="17.2.4. Implementing TLS Clients With NSS" /><link rel="next" href="appe-Defensive_Coding-Revision_History.html" title="Appendix A. Revision History" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client
-NSS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client-Python"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">17.2.5. Implementing TLS Clients With Python</h3></div></div></div><div class="para">
+ The Python distribution provides a TLS implementation in the <code class="literal">ssl</code> module (actually a wrapper around OpenSSL). The exported interface is somewhat restricted, so that the client code shown below does not fully implement the recommendations in <a class="xref" href="chap-Defensive_Coding-TLS.html#sect-Defensive_Coding-TLS-OpenSSL">Section 17.1.1, “OpenSSL Pitfalls”</a>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Currently, most Python function which accept <code class="literal">https://</code> URLs or otherwise implement HTTPS support do not perform certificate validation at all. (For example, this is true for the <code class="literal">httplib</code> and <code class="literal">xmlrpclib</code> modules.) If you use HTTPS, you should not use the built-in HTTP clients. The <code class="literal">Curl</code> class in the <code class="literal">curl</code> module, as provided by the <code class="literal">python-pycurl</code> package implements proper certificate validation.
</div></div></div><div class="para">
- The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 16.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 16.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The <code class="literal">ssl</code> module currently does not perform host name checking on the server certificate. <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-check_host_name">Example 17.26, “Implementing TLS host name checking Python (without wildcard support)”</a> shows how to implement certificate matching, using the parsed certificate returned by <code class="function">getpeercert</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-check_host_name"><h6>Example 17.26. Implementing TLS host name checking Python (without wildcard support)</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">def</span> check_host_name<span class="perl_Char">(peercert</span>, name<span class="perl_Char">):</span>
<span class="perl_Comment">"""Simple certificate/host name checker. Returns True if the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment"> certificate matches, False otherwise. Does not support</span><span class="perl_Comment"></span>
@@ -37,7 +37,7 @@
<span class="perl_Keyword">return</span> cn <span class="perl_Char">==</span> name
<span class="perl_Keyword">return</span> <span class="perl_Others">False</span>
</pre></div></div><br class="example-break" /><div class="para">
- To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 16.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
+ To turn a regular, connected TCP socket into a TLS-enabled socket, use the <code class="function">ssl.wrap_socket</code> function. The function call in <a class="xref" href="sect-Defensive_Coding-TLS-Client-Python.html#ex-Defensive_Coding-TLS-Client-Python-Connect">Example 17.27, “Establishing a TLS client connection with Python”</a> provides additional arguments to override questionable defaults in OpenSSL and in the Python module.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="literal">ciphers="HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</code> selects relatively strong cipher suites with certificate-based authentication. (The call to <code class="function">check_host_name</code> function provides additional protection against anonymous cipher suites.)
</div></li><li class="listitem"><div class="para">
@@ -48,7 +48,7 @@
<code class="literal">ca_certs='/etc/ssl/certs/ca-bundle.crt'</code> initializes the certificate store with a set of trusted root CAs. Unfortunately, it is necessary to hard-code this path into applications because the default path in OpenSSL is not available through the Python <code class="literal">ssl</code> module.
</div></li></ul></div><div class="para">
The <code class="literal">ssl</code> module (and OpenSSL) perform certificate validation, but the certificate must be compared manually against the host name, by calling the <code class="function">check_host_name</code> defined above.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 16.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-Python-Connect"><h6>Example 17.27. Establishing a TLS client connection with Python</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock <span class="perl_Char">=</span> ssl.wrap_socket<span class="perl_Char">(sock</span>,
ciphers<span class="perl_Char">=</span><span class="perl_String">"HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5"</span>,
ssl_version<span class="perl_Char">=ssl</span>.PROTOCOL_TLSv1,
@@ -66,4 +66,4 @@ sock.write<span class="perl_Char">(</span><span class="perl_String">"GET / HTTP/
Closing the TLS socket is straightforward as well:
</div><div class="informalexample"><pre xml:lang="en-US" class="programlisting" lang="en-US">
sock.close<span class="perl_Char">()</span>
-</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Prev</strong>16.2.4. Implementing TLS Clients With NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-TLS-Client-NSS.html"><strong>Prev</strong>17.2.4. Implementing TLS Clients With NSS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Defensive_Coding-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
index 275ad5a..2fdaed5 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-TLS-Client.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>16.2. TLS Clients</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>17.2. TLS Clients</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /><link rel="prev" href="chap-Defensive_Coding-TLS.html" title="Chapter 16. Transport Layer Security" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="16.2.2. Implementation TLS Clients With GNUTLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_C
oding-TLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">16.2. TLS Clients</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-TLS.html" title="Chapter 17. Transport Layer Security" /><link rel="prev" href="chap-Defensive_Coding-TLS.html" title="Chapter 17. Transport Layer Security" /><link rel="next" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html" title="17.2.2. Implementation TLS Clients With GNUTLS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_C
oding-TLS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-TLS-Client"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">17.2. TLS Clients</h2></div></div></div><div class="para">
Secure use of TLS in a client generally involves all of the following steps. (Individual instructions for specific TLS implementations follow in the next sections.)
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The client must configure the TLS library to use a set of trusted root certificates. These certificates are provided by the system in <code class="filename">/etc/ssl/certs</code> or files derived from it.
@@ -22,11 +22,11 @@
It is safe to provide users detailed diagnostics on certificate validation failures. Other causes of handshake failures and, generally speaking, any details on other errors reported by the TLS implementation (particularly exception tracebacks), must not be divulged in ways that make them accessible to potential attackers. Otherwise, it is possible to create decryption oracles.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Depending on the application, revocation checking (against certificate revocations lists or via OCSP) and session resumption are important aspects of production-quality client. These aspects are not yet covered.
- </div></div></div><div class="section" id="idm225494367168"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225494367168">16.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="idm225439762448"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225439762448">17.2.1. Implementation TLS Clients With OpenSSL</h3></div></div></div><div class="para">
In the following code, the error handling is only exploratory. Proper error handling is required for production use, especially in libraries.
</div><div class="para">
- The OpenSSL library needs explicit initialization (see <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 16.3, “OpenSSL library initialization”</a>).
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 16.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The OpenSSL library needs explicit initialization (see <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Init">Example 17.3, “OpenSSL library initialization”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Init"><h6>Example 17.3. OpenSSL library initialization</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// The following call prints an error message and calls exit() if</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// the OpenSSL configuration file is unreadable.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>OPENSSL_config(NULL);
@@ -35,8 +35,8 @@
<span class="perl_Comment">// Register ciphers.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL_library_init();
</pre></div></div><br class="example-break" /><div class="para">
- After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 16.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ After that, a context object has to be created, which acts as a factory for connection objects (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 17.4, “OpenSSL client context creation”</a>). We use an explicit cipher list so that we do not pick up any strange ciphers when OpenSSL is upgraded. The actual version requested in the client hello depends on additional restrictions in the OpenSSL library. If possible, you should follow the example code and use the default list of trusted root certificate authorities provided by the system because you would have to maintain your own set otherwise, which can be cumbersome.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-CTX"><h6>Example 17.4. OpenSSL client context creation</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Configure a client connection context. Send a hendshake for the</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_Comment">// highest supported TLS version, and disable compression.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">const</span> SSL_METHOD *<span class="perl_DataType">const</span> req_method = SSLv23_client_method();
@@ -105,12 +105,12 @@ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
</pre></div></div><br class="example-break" /><div class="para">
A single context object can be used to create multiple connection objects. It is safe to use the same <code class="literal">SSL_CTX</code> object for creating connections concurrently from multiple threads, provided that the <code class="literal">SSL_CTX</code> object is not modified (e.g., callbacks must not be changed).
</div><div class="para">
- After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 16.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 16.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 16.2, “Obtaining OpenSSL error codes”</a> is called.
+ After creating the TCP socket and disabling the Nagle algorithm (per <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-Nagle">Example 17.1, “Deactivating the TCP Nagle algorithm”</a>), the actual connection object needs to be created, as show in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-Client-OpenSSL-CTX">Example 17.4, “OpenSSL client context creation”</a>. If the handshake started by <code class="function">SSL_connect</code> fails, the <code class="function">ssl_print_error_and_exit</code> function from <a class="xref" href="chap-Defensive_Coding-TLS.html#ex-Defensive_Coding-TLS-OpenSSL-Errors">Example 17.2, “Obtaining OpenSSL error codes”</a> is called.
</div><div class="para">
The <code class="function">certificate_validity_override</code> function provides an opportunity to override the validity of the certificate in case the OpenSSL check fails. If such functionality is not required, the call can be removed, otherwise, the application developer has to implement it.
</div><div class="para">
The host name passed to the functions <code class="function">SSL_set_tlsext_host_name</code> and <code class="function">X509_check_host</code> must be the name that was passed to <code class="function">getaddrinfo</code> or a similar name resolution function. No host name canonicalization must be performed. The <code class="function">X509_check_host</code> function used in the final step for host name matching is currently only implemented in OpenSSL 1.1, which is not released yet. In case host name matching fails, the function <code class="function">certificate_host_name_override</code> is called. This function should check user-specific certificate store, to allow a connection even if the host name does not match the certificate. This function has to be provided by the application developer. Note that the override must be keyed by both the certificate <span class="emphasis"><em>and</em></span> the host name.
- </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 16.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-TLS-Client-OpenSSL-Connect"><h6>Example 17.5. Creating a client connection using OpenSSL</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Create the connection object.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>SSL *ssl = SSL_new(ctx);
<span class="perl_Keyword">if</span> (ssl == NULL) {
@@ -161,8 +161,8 @@ SSL_set_fd(ssl, sockfd);
X509_free(peercert);
</pre></div></div><br class="example-break" /><div class="para">
- The connection object can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 16.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 16.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ The connection object can be used for sending and receiving data, as in <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Use">Example 17.6, “Using an OpenSSL connection to send and receive data”</a>. It is also possible to create a <code class="literal">BIO</code> object and use the <code class="literal">SSL</code> object as the underlying transport, using <code class="function">BIO_set_ssl</code>.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Use"><h6>Example 17.6. Using an OpenSSL connection to send and receive data</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_DataType">const</span> <span class="perl_DataType">char</span> *<span class="perl_DataType">const</span> req = <span class="perl_String">"GET / HTTP/1.0</span><span class="perl_Char">\r\n\r\n</span><span class="perl_String">"</span>;
<span class="perl_Keyword">if</span> (SSL_write(ssl, req, strlen(req)) < 0) {
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_write"</span>, ret);
@@ -173,8 +173,8 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
ssl_print_error_and_exit(ssl, <span class="perl_String">"SSL_read"</span>, ret);
}
</pre></div></div><br class="example-break" /><div class="para">
- When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 16.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 16.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ When it is time to close the connection, the <code class="function">SSL_shutdown</code> function needs to be called twice for an orderly, synchronous connection termination (<a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Connection-Close">Example 17.7, “Closing an OpenSSL connection in an orderly fashion”</a>). This exchanges <code class="literal">close_notify</code> alerts with the server. The additional logic is required to deal with an unexpected <code class="literal">close_notify</code> from the server. Note that is necessary to explicitly close the underlying socket after the connection object has been freed.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Connection-Close"><h6>Example 17.7. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Send the close_notify alert.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>ret = SSL_shutdown(ssl);
<span class="perl_Keyword">switch</span> (ret) {
@@ -200,7 +200,7 @@ ret = SSL_read(ssl, buf, <span class="perl_Keyword">sizeof</span>(buf));
SSL_free(ssl);
close(sockfd);
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 16.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
- </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 16.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-TLS-Client.html#ex-Defensive_Coding-TLS-OpenSSL-Context-Close">Example 17.8, “Closing an OpenSSL connection in an orderly fashion”</a> shows how to deallocate the context object when it is no longer needed because no further TLS connections will be established.
+ </div><div class="example" id="ex-Defensive_Coding-TLS-OpenSSL-Context-Close"><h6>Example 17.8. Closing an OpenSSL connection in an orderly fashion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SSL_CTX_free(ctx);
-</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-TLS.html"><strong>Prev</strong>Chapter 16. Transport Layer Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong>16.2.2. Implementation TLS Clients With GNUTLS</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-TLS.html"><strong>Prev</strong>Chapter 17. Transport Layer Security</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-TLS-Client-GNUTLS.html"><strong>Next</strong>17.2.2. Implementation TLS Clients With GNUTLS</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
index e27def6..cdce149 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Preventing file descriptor leaks to child processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Preventing file descriptor leaks to child processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="8.3. Dealing with the select limit" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p
" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 9. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 9. File Descriptor Management" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html" title="9.3. Dealing with the select limit" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p
" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Preventing file descriptor leaks to child processes</h2></div></div></div><div class="para">
Child processes created with <code class="function">fork</code> share the initial set of file descriptors with their parent process. By default, file descriptors are also preserved if a new process image is created with <code class="function">execve</code> (or any of the other functions such as <code class="function">system</code> or <code class="function">posix_spawn</code>).
</div><div class="para">
Usually, this behavior is not desirable. There are two ways to turn it off, that is, to prevent new process images from inheriting the file descriptors in the parent process:
@@ -19,7 +19,7 @@
</div></li><li class="listitem"><div class="para">
After calling <code class="function">fork</code>, but before creating a new process image with <code class="function">execve</code>, all file descriptors which the child process will not need are closed.
</div><div class="para">
- Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
+ Traditionally, this was implemented as a loop over file descriptors ranging from <code class="literal">3</code> to <code class="literal">255</code> and later <code class="literal">1023</code>. But this is only an approximatio because it is possible to create file descriptors outside this range easily (see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 9.3, “Dealing with the <code class="function">select</code> limit”</a>). Another approach reads <code class="filename">/proc/self/fd</code> and closes the unexpected descriptors listed there, but this approach is much slower.
</div></li></ul></div><div class="para">
At present, environments which care about file descriptor leakage implement the second approach. OpenJDK 6 and 7 are among them.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong>Chapter 8. File Descriptor Management</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong>8.3. Dealing with the select limit</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors.html"><strong>Prev</strong>Chapter 9. File Descriptor Management</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html"><strong>Next</strong>9.3. Dealing with the select limit</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
index 3217d4f..f18775b 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors-Limit.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Dealing with the select limit</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. Dealing with the select limit</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 8. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="8.2. Preventing file descriptor leaks to child processes" /><link rel="next" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Descriptors.html" title="Chapter 9. File Descriptor Management" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="9.2. Preventing file descriptor leaks to child processes" /><link rel="next" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Descriptors-Limit"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. Dealing with the <code class="function">select</code> limit</h2></div></div></div><div class="para">
By default, a user is allowed to open only 1024 files in a single process, but the system administrator can easily change this limit (which is necessary for busy network servers). However, there is another restriction which is more difficult to overcome.
</div><div class="para">
The <code class="function">select</code> function only supports a maximum of <code class="literal">FD_SETSIZE</code> file descriptors (that is, the maximum permitted value for a file descriptor is <code class="literal">FD_SETSIZE - 1</code>, usually 1023.) If a process opens many files, descriptors may exceed such limits. It is impossible to query such descriptors using <code class="function">select</code>.
@@ -26,4 +26,4 @@
Close <code class="literal">fd</code> and continue to use <code class="literal">newfd</code>.
</div></li></ul></div><div class="para">
The new descriptor has been allocated above the <code class="literal">FD_SETSIZE</code>. Even though this algorithm is racy in the sense that the <code class="literal">FD_SETSIZE</code> first descriptors could fill up, a very high degree of physical parallelism is required before this becomes a problem.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong>8.2. Preventing file descriptor leaks to child pr...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong>Chapter 9. File system manipulation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Prev</strong>9.2. Preventing file descriptor leaks to child pr...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Next</strong>Chapter 10. File system manipulation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
index 3417132..82b3bf2 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Descriptors.html
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. File Descriptor Management</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. File Descriptor Management</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch07s04.html" title="7.4. Process attributes" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="8.2. Preventing file descriptor leaks to child processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s04.html"><strong>Prev</strong></a></li>
<li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225440737696">8.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225454974624">8.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225452561072">8.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225462035824">8.1.3. Lingering state after close</a></span></dt><
/dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">8.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">8.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch08s04.html" title="8.4. Process attributes" /><link rel="next" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html" title="9.2. Preventing file descriptor leaks to child processes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s04.html"><strong>Prev</strong></a></li>
<li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Descriptors" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 9. File Descriptor Management</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225460870016">9.1. Closing descriptors</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225453053392">9.1.1. Error handling during descriptor close</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225444138928">9.1.2. Closing descriptors and race conditions</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors.html#idm225451347680">9.1.3. Lingering state after close</a></span></dt><
/dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">9.2. Preventing file descriptor leaks to child processes</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">9.3. Dealing with the <code class="function">select</code> limit</a></span></dt></dl></div><div class="para">
File descriptors underlie all input/output mechanisms offered by the system. They are used to implementation the <code class="literal">FILE *</code>-based functions found in <code class="literal"><stdio.h></code>, and all the file and network communication facilities provided by the Python and Java environments are eventually implemented in them.
</div><div class="para">
File descriptors are small, non-negative integers in userspace, and are backed on the kernel side with complicated data structures which can sometimes grow very large.
- </div><div class="section" id="idm225440737696"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225440737696">8.1. Closing descriptors</h2></div></div></div><div class="para">
- If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 8.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
- </div><div class="section" id="idm225454974624"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225454974624">8.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
+ </div><div class="section" id="idm225460870016"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title" id="idm225460870016">9.1. Closing descriptors</h2></div></div></div><div class="para">
+ If a descriptor is no longer used by a program and is not closed explicitly, its number cannot be reused (which is problematic in itself, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Limit.html">Section 9.3, “Dealing with the <code class="function">select</code> limit”</a>), and the kernel resources are not freed. Therefore, it is important to close all descriptors at the earlierst point in time possible, but not earlier.
+ </div><div class="section" id="idm225453053392"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225453053392">9.1.1. Error handling during descriptor close</h3></div></div></div><div class="para">
The <code class="function">close</code> system call is always successful in the sense that the passed file descriptor is never valid after the function has been called. However, <code class="function">close</code> still can return an error, for example if there was a file system failure. But this error is not very useful because the absence of an error does not mean that all caches have been emptied and previous writes have been made durable. Programs which need such guarantees must open files with <code class="literal">O_SYNC</code> or use <code class="literal">fsync</code> or <code class="literal">fdatasync</code>, and may also have to <code class="literal">fsync</code> the directory containing the file.
- </div></div><div class="section" id="idm225452561072"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452561072">8.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225444138928"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225444138928">9.1.2. Closing descriptors and race conditions</h3></div></div></div><div class="para">
Unlike process IDs, which are recycle only gradually, the kernel always allocates the lowest unused file descriptor when a new descriptor is created. This means that in a multi-threaded program which constantly opens and closes file descriptors, descriptors are reused very quickly. Unless descriptor closing and other operations on the same file descriptor are synchronized (typically, using a mutex), there will be race coniditons and I/O operations will be applied to the wrong file descriptor.
</div><div class="para">
Sometimes, it is necessary to close a file descriptor concurrently, while another thread might be about to use it in a system call. In order to support this, a program needs to create a single special file descriptor, one on which all I/O operations fail. One way to achieve this is to use <code class="function">socketpair</code>, close one of the descriptors, and call <code class="literal">shutdown(fd, SHUTRDWR)</code> on the other.
@@ -22,7 +22,7 @@
When a descriptor is closed concurrently, the program does not call <code class="function">close</code> on the descriptor. Instead it program uses <code class="function">dup2</code> to replace the descriptor to be closed with the dummy descriptor created earlier. This way, the kernel will not reuse the descriptor, but it will carry out all other steps associated with calling a descriptor (for instance, if the descriptor refers to a stream socket, the peer will be notified).
</div><div class="para">
This is just a sketch, and many details are missing. Additional data structures are needed to determine when it is safe to really close the descriptor, and proper locking is required for that.
- </div></div><div class="section" id="idm225462035824"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225462035824">8.1.3. Lingering state after close</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="idm225451347680"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225451347680">9.1.3. Lingering state after close</h3></div></div></div><div class="para">
By default, closing a stream socket returns immediately, and the kernel will try to send the data in the background. This means that it is impossible to implement accurate accounting of network-related resource utilization from userspace.
</div><div class="para">
The <code class="literal">SO_LINGER</code> socket option alters the behavior of <code class="function">close</code>, so that it will return only after the lingering data has been processed, either by sending it to the peer successfully, or by discarding it after the configured timeout. However, there is no interface which could perform this operation in the background, so a separate userspace thread is needed for each <code class="function">close</code> call, causing scalability issues.
@@ -30,4 +30,4 @@
Currently, there is no application-level countermeasure which applies universally. Mitigation is possible with <span class="application"><strong>iptables</strong></span> (the <code class="literal">connlimit</code> match type in particular) and specialized filtering devices for denial-of-service network traffic.
</div><div class="para">
These problems are not related to the <code class="literal">TIME_WAIT</code> state commonly seen in <span class="application"><strong>netstat</strong></span> output. The kernel automatically expires such sockets if necessary.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s04.html"><strong>Prev</strong>7.4. Process attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong>8.2. Preventing file descriptor leaks to child pr...</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s04.html"><strong>Prev</strong>8.4. Process attributes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html"><strong>Next</strong>9.2. Preventing file descriptor leaks to child pr...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
index f0af83f..556cb68 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Features.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.4. File system features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. File system features</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="9.3. File system limits" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="9.5. Checking free space" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-De
fensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.4. File system features</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="10.3. File system limits" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html" title="10.5. Checking free space" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect
-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Features"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.4. File system features</h2></div></div></div><div class="para">
Not all file systems support all features. This makes it very difficult to write general-purpose tools for copying files. For example, a copy operation intending to preserve file permissions will generally fail when copying to a FAT file system.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Some file systems are case-insensitive. Most should be case-preserving, though.
@@ -32,4 +32,4 @@
Locking semantics vary among file systems. This affects advisory and mandatory locks. For example, some network file systems do not allow deleting files which are opened by any process.
</div></li><li class="listitem"><div class="para">
Resolution of time stamps varies from two seconds to nanoseconds. Not all time stamps are available on all file systems. File creation time (<span class="emphasis"><em>birth time</em></span>) is not exposed over the <code class="function">stat</code>/<code class="function">fstat</code> interface, even if stored by the file system.
- </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong>9.3. File system limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong>9.5. Checking free space</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Prev</strong>10.3. File system limits</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Free_Space.html"><strong>Next</strong>10.5. Checking free space</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
index efb9dde..4808a89 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Foreign.html
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Accessing the file system as a different user</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Accessing the file system as a different user</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="9.3. File system limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-D
efensive_Coding-Tasks-File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
- This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 9.2, “Accessing the file system as a different user”</a>.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /><link rel="prev" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Limits.html" title="10.3. File system limits" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="cha
p-Defensive_Coding-Tasks-File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Foreign"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.2. Accessing the file system as a different user</h2></div></div></div><div class="para">
+ This section deals with access to the file system as a specific user. This is different from accessing files and directories owned by a different, potentially untrusted user; see <a class="xref" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html">Section 10.2, “Accessing the file system as a different user”</a>.
</div><div class="para">
One approach is to spawn a child process which runs under the target user and group IDs (both effective and real IDs). Note that this child process can block indefinitely, even when processing regular files only. For example, a special FUSE file system could cause the process to hang in uninterruptible sleep inside a <code class="function">stat</code> system call.
</div><div class="para">
An existing process could change its user and group ID using <code class="function">setfsuid</code> and <code class="function">setfsgid</code>. (These functions are preferred over <code class="function">seteuid</code> and <code class="function">setegid</code> because they do not allow the impersonated user to send signals to the process.) These functions are not thread safe. In multi-threaded processes, these operations need to be performed in a single-threaded child process. Unexpected blocking may occur as well.
</div><div class="para">
It is not recommended to try to reimplement the kernel permission checks in user space because the required checks are complex. It is also very difficult to avoid race conditions during path name resolution.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Prev</strong>Chapter 9. File system manipulation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong>9.3. File system limits</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-File_System.html"><strong>Prev</strong>Chapter 10. File system manipulation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Limits.html"><strong>Next</strong>10.3. File system limits</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
index b0a0642..0c9b6a8 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Free_Space.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.5. Checking free space</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Checking free space</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="9.4. File system features" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 10. Temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-D
efensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.5. Checking free space</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="10.4. File system features" /><link rel="next" href="chap-Defensive_Coding-Tasks-Temporary_Files.html" title="Chapter 11. Temporary files" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect
-Defensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Free_Space"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.5. Checking free space</h2></div></div></div><div class="para">
The <code class="function">statvfs</code> and <code class="function">fstatvfs</code> functions allow programs to examine the number of available blocks and inodes, through the members <code class="literal">f_bfree</code>, <code class="literal">f_bavail</code>, <code class="literal">f_ffree</code>, and <code class="literal">f_favail</code> of <code class="literal">struct statvfs</code>. Some file systems return fictional values in the <code class="literal">f_ffree</code> and <code class="literal">f_favail</code> fields, so the only reliable way to discover if the file system still has space for a file is to try to create it. The <code class="literal">f_bfree</code> field should be reasonably accurate, though.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong>9.4. File system features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong>Chapter 10. Temporary files</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Prev</strong>10.4. File system features</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Temporary_Files.html"><strong>Next</strong>Chapter 11. Temporary files</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
index c6f19cb..587254d 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-File_System-Limits.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. File system limits</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. File system limits</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 9. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="9.2. Accessing the file system as a different user" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="9.4. File system features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">9.3. File system limits</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-File_System.html" title="Chapter 10. File system manipulation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html" title="10.2. Accessing the file system as a different user" /><link rel="next" href="sect-Defensive_Coding-Tasks-File_System-Features.html" title="10.4. File system features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-File_System-Limits"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">10.3. File system limits</h2></div></div></div><div class="para">
For historical reasons, there are preprocessor constants such as <code class="literal">PATH_MAX</code>, <code class="literal">NAME_MAX</code>. However, on most systems, the length of canonical path names (absolute path names with all symbolic links resolved, as returned by <code class="function">realpath</code> or <code class="function">canonicalize_file_name</code>) can exceed <code class="literal">PATH_MAX</code> bytes, and individual file name components can be longer than <code class="literal">NAME_MAX</code>. This is also true of the <code class="literal">_PC_PATH_MAX</code> and <code class="literal">_PC_NAME_MAX</code> values returned by <code class="function">pathconf</code>, and the <code class="literal">f_namemax</code> member of <code class="literal">struct statvfs</code>. Therefore, these constants should not be used. This is also reason why the <code class="function">readdir_r</code> should never be used (instead, use <code class="function">readdir</code>).
</div><div class="para">
You should not write code in a way that assumes that there is an upper limit on the number of subdirectories of a directory, the number of regular files in a directory, or the link count of an inode.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong>9.2. Accessing the file system as a different user</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong>9.4. File system features</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-File_System-Foreign.html"><strong>Prev</strong>10.2. Accessing the file system as a different us...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-File_System-Features.html"><strong>Next</strong>10.4. File system features</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
index b03e6a4..f1950d4 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Library_Design-Callbacks.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. Callbacks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Callbacks</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 7. Library Design" /><link rel="prev" href="ch07s02.html" title="7.2. Object orientation" /><link rel="next" href="ch07s04.html" title="7.4. Process attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch07s04.html"
><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">7.3. Callbacks</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Library_Design.html" title="Chapter 8. Library Design" /><link rel="prev" href="ch08s02.html" title="8.2. Object orientation" /><link rel="next" href="ch08s04.html" title="8.4. Process attributes" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch08s04.html"
><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Library_Design-Callbacks"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">8.3. Callbacks</h2></div></div></div><div class="para">
Higher-order code is difficult to analyze for humans and computers alike, so it should be avoided. Often, an iterator-based interface (a library function which is called repeatedly by client code and returns a stream of events) leads to a better design which is easier to document and use.
</div><div class="para">
If callbacks are unavoidable, some guidelines for them follow.
@@ -18,4 +18,4 @@
Callbacks can throw exceptions or call <code class="function">longjmp</code>. If possible, all library objects should remain in a valid state. (All further operations on them can fail, but it should be possible to deallocate them without causing resource leaks.)
</div><div class="para">
The presence of callbacks raises the question if functions provided by the library are <span class="emphasis"><em>reentrant</em></span>. Unless a library was designed for such use, bad things will happen if a callback function uses functions in the same library (particularly if they are invoked on the same objects and manipulate the same state). When the callback is invoked, the library can be in an inconsistent state. Reentrant functions are more difficult to write than thread-safe functions (by definition, simple locking would immediately lead to deadlocks). It is also difficult to decide what to do when destruction of an object which is currently processing a callback is requested.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch07s02.html"><strong>Prev</strong>7.2. Object orientation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch07s04.html"><strong>Next</strong>7.4. Process attributes</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch08s02.html"><strong>Prev</strong>8.2. Object orientation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch08s04.html"><strong>Next</strong>8.4. Process attributes</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html
index 51e4a59..5f5cdda 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Packaging-Certificates-Service.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Generating X.509 self-signed certificates before service start</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>15.2. Generating X.509 self-signed certificates before service start</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 14. RPM packaging" /><link rel="next" href="pt03.html" title="Part III. Implementing Security Features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">14.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
- An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 15. RPM packaging" /><link rel="prev" href="chap-Defensive_Coding-Tasks-Packaging.html" title="Chapter 15. RPM packaging" /><link rel="next" href="pt03.html" title="Part III. Implementing Security Features" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Pr
ev</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Packaging-Certificates-Service"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">15.2. Generating X.509 self-signed certificates before service start</h2></div></div></div><div class="para">
+ An alternative way to automatically provide an X.509 key pair is to create it just before the service is started for the first time. This ensures that installation images which are created from installed RPM packages receive different key material. Creating the key pair at package installation time (see <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 15.1, “Generating X.509 self-signed certificates during installation”</a>) would put the key into the image, which may or may not make sense.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- The caveats about the way the key is generated in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 14.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
+ The caveats about the way the key is generated in <a class="xref" href="chap-Defensive_Coding-Tasks-Packaging.html#sect-Defensive_Coding-Tasks-Packaging-Certificates">Section 15.1, “Generating X.509 self-signed certificates during installation”</a> apply to this procedure as well.
</div></div></div><div class="para">
Generating key material before service start may happen very early during boot, when the kernel randomness pool has not yet been initialized. Currently, the only way to check for the initialization is to look for the kernel message <code class="literal">random: nonblocking pool is initialized</code>. In theory, it is also possible to read from <code class="filename">/dev/random</code> while generating the key material (instead of <code class="filename">/dev/urandom</code>), but this can block not just during the boot process, but also much later at run time, and generally results in a poor user experience.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Prev</strong>Chapter 14. RPM packaging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong>Part III. Implementing Security Features</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Defensive_Coding-Tasks-Packaging.html"><strong>Prev</strong>Chapter 15. RPM packaging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pt03.html"><strong>Next</strong>Part III. Implementing Security Features</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
index c42f095..c748764 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Daemons.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.4. Daemons</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.4. Daemons</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s03.html" title="11.3. SUID/SGID processes" /><link rel="next" href="ch11s05.html" title="11.5. Semantics of command line arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch
11s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.4. Daemons</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="prev" href="ch12s03.html" title="12.3. SUID/SGID processes" /><link rel="next" href="ch12s05.html" title="12.5. Semantics of command line arguments" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s03.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch
12s05.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Daemons"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.4. Daemons</h2></div></div></div><div class="para">
Background processes providing system services (<span class="emphasis"><em>daemons</em></span>) need to decouple themselves from the controlling terminal and the parent process environment:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Fork.
@@ -22,4 +22,4 @@
Other aspects of the process environment may have to changed as well (environment variables, signal handler disposition).
</div><div class="para">
It is increasingly common that server processes do not run as background processes, but as regular foreground process under a supervising master process (such as <span class="application"><strong>systemd</strong></span>). Server processes should offer a command line option which disables forking and replacement of the standard output and standard error streams. Such an option is also useful for debugging.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s03.html"><strong>Prev</strong>11.3. SUID/SGID processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s05.html"><strong>Next</strong>11.5. Semantics of command line arguments</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s03.html"><strong>Prev</strong>12.3. SUID/SGID processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s05.html"><strong>Next</strong>12.5. Semantics of command line arguments</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
index 9335d1b..cce3ea4 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.6. fork as a primitive for parallelism</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.6. fork as a primitive for parallelism</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 11. Processes" /><link rel="prev" href="ch11s05.html" title="11.5. Semantics of command line arguments" /><link rel="next" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Processes.html" title="Chapter 12. Processes" /><link rel="prev" href="ch12s05.html" title="12.5. Semantics of command line arguments" /><link rel="next" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s05.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.6. <code class="function">fork</code> as a primitive for parallelism</h2></div></div></div><div class="para">
A call to <code class="function">fork</code> which is not immediately followed by a call to <code class="function">execve</code> (perhaps after rearranging and closing file descriptors) is typically unsafe, especially from a library which does not control the state of the entire process. Such use of <code class="function">fork</code> should be replaced with proper child processes or threads.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</strong>11.5. Semantics of command line arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong>Chapter 12. Serialization and Deserialization</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s05.html"><strong>Prev</strong>12.5. Semantics of command line arguments</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Defensive_Coding-Tasks-Serialization.html"><strong>Next</strong>Chapter 13. Serialization and Deserialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
index ab35d80..2de5ecc 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Processes.html
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Processes</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch10s05.html" title="10.5. Compensating for unsafe file creation" /><link rel="next" href="ch11s02.html" title="11.2. Handling child process termination" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch11
s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">11.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225447262352">11.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">11.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">11.1.3. Specifying the process environment</a></span></dt><dt><span class="s
ection"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225452426368">11.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">11.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch11s02.html">11.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch11s03.html">11.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">11.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">11.4. Daemons</a></span></dt><dt><span class="section"><a href="ch11s05.html">11.5. Semantics of command line arguments</a></span></dt><dt><span cl
ass="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">11.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">11.1. Safe process creation</h2></div></div></div><div class="para">
- This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">Section 8.2, “Preventing file descriptor leaks to child processes”</a>.
- </div><div class="section" id="idm225447262352"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225447262352">11.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="pt02.html" title="Part II. Specific Programming Tasks" /><link rel="prev" href="ch11s05.html" title="11.5. Compensating for unsafe file creation" /><link rel="next" href="ch12s02.html" title="12.2. Handling child process termination" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch12
s02.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="sect-Defensive_Coding-Tasks-Processes" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 12. Processes</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Creation">12.1. Safe process creation</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225445040976">12.1.1. Obtaining the program path and the command line template</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-execve">12.1.2. Bypassing the shell</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">12.1.3. Specifying the process environment</a></span></dt><dt><span class="s
ection"><a href="sect-Defensive_Coding-Tasks-Processes.html#idm225434989808">12.1.4. Robust argument list processing</a></span></dt><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">12.1.5. Passing secrets to subprocesses</a></span></dt></dl></dd><dt><span class="section"><a href="ch12s02.html">12.2. Handling child process termination</a></span></dt><dt><span class="section"><a href="ch12s03.html">12.3. <code class="literal">SUID</code>/<code class="literal">SGID</code> processes</a></span></dt><dd><dl><dt><span class="section"><a href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">12.3.1. Accessing environment variables</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Defensive_Coding-Tasks-Processes-Daemons.html">12.4. Daemons</a></span></dt><dt><span class="section"><a href="ch12s05.html">12.5. Semantics of command line arguments</a></span></dt><dt><span cl
ass="section"><a href="sect-Defensive_Coding-Tasks-Processes-Fork-Parallel.html">12.6. <code class="function">fork</code> as a primitive for parallelism</a></span></dt></dl></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Creation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.1. Safe process creation</h2></div></div></div><div class="para">
+ This section describes how to create new child processes in a safe manner. In addition to the concerns addressed below, there is the possibility of file descriptor leaks, see <a class="xref" href="sect-Defensive_Coding-Tasks-Descriptors-Child_Processes.html">Section 9.2, “Preventing file descriptor leaks to child processes”</a>.
+ </div><div class="section" id="idm225445040976"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225445040976">12.1.1. Obtaining the program path and the command line template</h3></div></div></div><div class="para">
The name and path to the program being invoked should be hard-coded or controlled by a static configuration file stored at a fixed location (at an file system absolute path). The same applies to the template for generating the command line.
</div><div class="para">
- The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="ch11s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 11.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
+ The configured program name should be an absolute path. If it is a relative path, the contents of the <code class="envar">PATH</code> must be obtained in a secure manner (see <a class="xref" href="ch12s03.html#sect-Defensive_Coding-Tasks-secure_getenv">Section 12.3.1, “Accessing environment variables”</a>). If the <code class="envar">PATH</code> variable is not set or untrusted, the safe default <code class="literal">/bin:/usr/bin</code> must be used.
</div><div class="para">
If too much flexibility is provided here, it may allow invocation of arbitrary programs without proper authorization.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.2. Bypassing the shell</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-execve"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.2. Bypassing the shell</h3></div></div></div><div class="para">
Child processes should be created without involving the system shell.
</div><div class="para">
For C/C++, <code class="function">system</code> should not be used. The <code class="function">posix_spawn</code> function can be used instead, or a combination <code class="function">fork</code> and <code class="function">execve</code>. (In some cases, it may be preferable to use <code class="function">vfork</code> or the Linux-specific <code class="function">clone</code> system call instead of <code class="function">fork</code>.)
@@ -26,7 +26,7 @@
On Windows, there is no argument vector, only a single argument string. Each application is responsible for parsing this string into an argument vector. There is considerable variance among the quoting style recognized by applications. Some of them expand shell wildcards, others do not. Extensive application-specific testing is required to make this secure.
</div></div></div><div class="para">
Note that some common applications (notably <span class="application"><strong>ssh</strong></span>) unconditionally introduce the use of a shell, even if invoked directly without a shell. It is difficult to use these applications in a secure manner. In this case, untrusted data should be supplied by other means. For example, standard input could be used, instead of the command line.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.3. Specifying the process environment</h3></div></div></div><div class="para">
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-environ"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.3. Specifying the process environment</h3></div></div></div><div class="para">
Child processes should be created with a minimal set of environment variables. This is absolutely essential if there is a trust transition involved, either when the parent process was created, or during the creation of the child process.
</div><div class="para">
In C/C++, the environment should be constructed as an array of strings and passed as the <code class="varname">envp</code> argument to <code class="function">posix_spawn</code> or <code class="function">execve</code>. The functions <code class="function">setenv</code>, <code class="function">unsetenv</code> and <code class="function">putenv</code> should not be used. They are not thread-safe and suffer from memory leaks.
@@ -43,10 +43,10 @@
</div></li><li class="listitem"><div class="para">
The location-related environment variables <code class="envar">LANG</code>, <code class="envar">LANGUAGE</code>, <code class="envar">LC_ADDRESS</code>, <code class="envar">LC_ALL</code>, <code class="envar">LC_COLLATE</code>, <code class="envar">LC_CTYPE</code>, <code class="envar">LC_IDENTIFICATION</code>, <code class="envar">LC_MEASUREMENT</code>, <code class="envar">LC_MESSAGES</code>, <code class="envar">LC_MONETARY</code>, <code class="envar">LC_NAME</code>, <code class="envar">LC_NUMERIC</code>, <code class="envar">LC_PAPER</code>, <code class="envar">LC_TELEPHONE</code> and <code class="envar">LC_TIME</code> can be passed to the subprocess if present.
</div></li><li class="listitem"><div class="para">
- The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 11.1.5, “Passing secrets to subprocesses”</a>.)
+ The called process may need application-specific environment variables, for example for passing passwords. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility">Section 12.1.5, “Passing secrets to subprocesses”</a>.)
</div></li><li class="listitem"><div class="para">
All other environment variables should be dropped. Names for new environment variables should not be accepted from untrusted sources.
- </div></li></ul></div></div><div class="section" id="idm225452426368"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225452426368">11.1.4. Robust argument list processing</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="idm225434989808"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title" id="idm225434989808">12.1.4. Robust argument list processing</h3></div></div></div><div class="para">
When invoking a program, it is sometimes necessary to include data from untrusted sources. Such data should be checked against embedded <code class="literal">NUL</code> characters because the system APIs will silently truncate argument strings at the first <code class="literal">NUL</code> character.
</div><div class="para">
The following recommendations assume that the program being invoked uses GNU-style option processing using <code class="function">getopt_long</code>. This convention is widely used, but it is just that, and individual programs might interpret a command line in a different way.
@@ -54,10 +54,10 @@
If the untrusted data has to go into an option, use the <code class="literal">--option-name=VALUE</code> syntax, placing the option and its value into the same command line argument. This avoids any potential confusion if the data starts with <code class="literal">-</code>.
</div><div class="para">
For positional arguments, terminate the option list with a single <code class="option">--</code> marker after the last option, and include the data at the right position. The <code class="option">--</code> marker terminates option processing, and the data will not be treated as an option even if it starts with a dash.
- </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">11.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
- The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 11.1.3, “Specifying the process environment”</a>.)
+ </div></div><div class="section" id="sect-Defensive_Coding-Tasks-Processes-Command_Line_Visibility"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.1.5. Passing secrets to subprocesses</h3></div></div></div><div class="para">
+ The command line (the name of the program and its argument) of a running process is traditionally available to all local users. The called program can overwrite this information, but only after it has run for a bit of time, during which the information may have been read by other processes. However, on Linux, the process environment is restricted to the user who runs the process. Therefore, if you need a convenient way to pass a password to a child process, use an environment variable, and not a command line argument. (See <a class="xref" href="sect-Defensive_Coding-Tasks-Processes.html#sect-Defensive_Coding-Tasks-Processes-environ">Section 12.1.3, “Specifying the process environment”</a>.)
</div><div class="important"><div class="admonition_header"><h2>Portability notice</h2></div><div class="admonition"><div class="para">
On some UNIX-like systems (notably Solaris), environment variables can be read by any system user, just like command lines.
</div></div></div><div class="para">
If the environment-based approach cannot be used due to portability concerns, the data can be passed on standard input. Some programs (notably <span class="application"><strong>gpg</strong></span>) use special file descriptors whose numbers are specified on the command line. Temporary files are an option as well, but they might give digital forensics access to sensitive data (such as passphrases) because it is difficult to safely delete them in all cases.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch10s05.html"><strong>Prev</strong>10.5. Compensating for unsafe file creation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch11s02.html"><strong>Next</strong>11.2. Handling child process termination</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch11s05.html"><strong>Prev</strong>11.5. Compensating for unsafe file creation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s02.html"><strong>Next</strong>12.2. Handling child process termination</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html
index b0e7d92..9efcf6a 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.3. Fragmentation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.3. Fragmentation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="ch12s02.html" title="12.2. Protocol design" /><link rel="next" href="ch12s04.html" title="12.4. Library support for deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch12s04.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.3. Fragmentation</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="prev" href="ch13s02.html" title="13.2. Protocol design" /><link rel="next" href="ch13s04.html" title="13.4. Library support for deserialization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="ch13s04.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.3. Fragmentation</h2></div></div></div><div class="para">
Some serialization formats use frames or protocol data units (PDUs) on lower levels which are smaller than the PDUs on higher levels. With such an architecture, higher-level PDUs may have to be <span class="emphasis"><em>fragmented</em></span> into smaller frames during serialization, and frames may need <span class="emphasis"><em>reassembly</em></span> into large PDUs during deserialization.
</div><div class="para">
Serialization formats may use conceptually similar structures for completely different purposes, for example storing multiple layers and color channels in a single image file.
@@ -17,7 +17,7 @@
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Avoid allocating significant amount of resources without proper authentication. Allocate memory for the unfragmented PDU as more and more and fragments are encountered, and not based on the initially advertised unfragmented PDU size, unless there is a sufficiently low limit on the unfragmented PDU size, so that over-allocation cannot lead to performance problems.
</div></li><li class="listitem"><div class="para">
- Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 12.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
+ Reassembly queues on top of datagram-oriented transports should be bounded, both in the combined size of the arrived partial PDUs waiting for reassembly, and the total number of partially reassembled fragments. The latter limit helps to reduce the risk of accidental reassembly of unrelated fragments, as it can happen with small fragment IDs (see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Fragmentation.html#sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID">Section 13.3.1, “Fragment IDs”</a>). It also guards to some extent against deliberate injection of fragments, by guessing fragment IDs.
</div></li><li class="listitem"><div class="para">
Carefully keep track of which bytes in the unfragmented PDU have been covered by fragments so far. If message reordering is a concern, the most straightforward data structure for this is an array of bits, with one bit for every byte (or other atomic unit) in the unfragmented PDU. Complete reassembly can be determined by increasing a counter of set bits in the bit array as the bit array is updated, taking overlapping fragments into consideration.
</div></li><li class="listitem"><div class="para">
@@ -26,8 +26,8 @@
Check for conflicting values of unfragmented PDU lengths (if this length information is part of every fragment) and reject fragments which are inconsistent.
</div></li><li class="listitem"><div class="para">
Validate fragment lengths and offsets of individual fragments against the unfragmented PDU length (if they are present). Check that the last byte in the fragment does not lie after the end of the unfragmented PDU. Avoid integer overflows in these computations (see <a class="xref" href="chap-Defensive_Coding-C.html#sect-Defensive_Coding-C-Arithmetic">Section 1.1.3, “Recommendations for integer arithmetic”</a>).
- </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.3.1. Fragment IDs</h3></div></div></div><div class="para">
+ </div></li></ul></div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Fragmentation-ID"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.3.1. Fragment IDs</h3></div></div></div><div class="para">
If the underlying transport is datagram-oriented (so that PDUs can be reordered, duplicated or be lost, like with UDP), fragment reassembly needs to take into account endpoint addresses of the communication channel, and there has to be some sort of fragment ID which identifies the individual fragments as part of a larger PDU. In addition, the fragmentation protocol will typically involve fragment offsets and fragment lengths, as mentioned above.
</div><div class="para">
If the transport may be subject to blind PDU injection (again, like UDP), the fragment ID must be generated randomly. If the fragment ID is 64 bit or larger (strongly recommended), it can be generated in a completely random fashion for most traffic volumes. If it is less than 64 bits large (so that accidental collisions can happen if a lot of PDUs are transmitted), the fragment ID should be incremented sequentially from a starting value. The starting value should be derived using a HMAC-like construction from the endpoint addresses, using a long-lived random key. This construction ensures that despite the limited range of the ID, accidental collisions are as unlikely as possible. (This will not work reliable with really short fragment IDs, such as the 16 bit IDs used by the Internet Protocol.)
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s02.html"><strong>Prev</strong>12.2. Protocol design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s04.html"><strong>Next</strong>12.4. Library support for deserialization</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s02.html"><strong>Prev</strong>13.2. Protocol design</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch13s04.html"><strong>Next</strong>13.4. Library support for deserialization</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
index 44b9650..c23c03f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-Qt.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.6. Using Qt for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.6. Using Qt for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="12.5.5. Using Expat for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="13.5.5. Using Expat for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="13.5.7. Using OpenJDK for XML parsing and validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-Qt"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.6. Using Qt for XML parsing</h3></div></div></div><div class="para">
The XML component of Qt, QtXml, does not resolve external IDs by default, so it is not requred to prevent such resolution. Internal entities are processed, though. To change that, a custom <code class="literal">QXmlDeclHandler</code> and <code class="literal">QXmlSimpleReader</code> subclasses are needed. It is not possible to use the <code class="function">QDomDocument::setContent(const QByteArray &)</code> convenience methods.
</div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 12.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 12.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler">Example 13.3, “A QtXml entity handler which blocks entity processing”</a> shows an entity handler which always returns errors, causing parsing to stop when encountering entity declarations.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityHandler"><h6>Example 13.3. A QtXml entity handler which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityHandler : public QXmlDeclHandler {
public:
bool attributeDecl(<span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&, <span class="perl_DataType">const</span> QString&,
@@ -48,8 +48,8 @@ NoEntityHandler::errorString() <span class="perl_DataType">const</span>
<span class="perl_Keyword">return</span> <span class="perl_String">"XML declaration not permitted"</span>;
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 12.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 12.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler is used in the custom <code class="literal">QXmlReader</code> subclass in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader">Example 13.4, “A QtXml XML reader which blocks entity processing”</a>. Some parts of QtXml will call the <code class="function">setDeclHandler(QXmlDeclHandler *)</code> method. Consequently, we prevent overriding our custom handler by providing a definition of this method which does nothing. In the constructor, we activate namespace processing; this part may need adjusting.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-NoEntityReader"><h6>Example 13.4. A QtXml XML reader which blocks entity processing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
class NoEntityReader : public QXmlSimpleReader {
NoEntityHandler handler;
public:
@@ -70,8 +70,8 @@ NoEntityReader::setDeclHandler(QXmlDeclHandler *)
<span class="perl_Comment">// Ignore the handler which was passed in.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>}
</pre></div></div><br class="example-break" /><div class="para">
- Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 12.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 12.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ Our <code class="literal">NoEntityReader</code> class can be used with one of the overloaded <code class="function">QDomDocument::setContent</code> methods. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html#ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument">Example 13.5, “Parsing an XML document with QDomDocument, without entity expansion”</a> shows how the <code class="literal">buffer</code> object (of type <code class="literal">QByteArray</code>) is wrapped as a <code class="literal">QXmlInputSource</code>. After calling the <code class="function">setContent</code> method, you should check the return value and report any error.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Qt-QDomDocument"><h6>Example 13.5. Parsing an XML document with QDomDocument, without entity expansion</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
NoEntityReader reader;
QBuffer buffer(&data);
buffer.open(QIODevice::ReadOnly);
@@ -82,4 +82,4 @@ QString errorMsg;
<span class="perl_DataType">int</span> errorColumn;
bool okay = doc.setContent
(&source, &reader, &errorMsg, &errorLine, &errorColumn);
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong>12.5.5. Using Expat for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong>12.5.7. Using OpenJDK for XML parsing and validat...</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Prev</strong>13.5.5. Using Expat for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Next</strong>13.5.7. Using OpenJDK for XML parsing and validat...</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
index f1f19f0..8226f60 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.2. Entity expansion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.2. Entity expansion</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="12.5.3. XInclude processing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.2. Entity expansion</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="13.5.3. XInclude processing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Def
ensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Entities"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.2. Entity expansion</h3></div></div></div><div class="para">
When external DTD processing is disabled, an internal DTD subset can still contain entity definitions. Entity declarations can reference other entities. Some XML libraries expand entities automatically, and this processing cannot be switched off in some places (such as attribute values or content models). Without limits on the entity nesting level, this expansion results in data which can grow exponentially in length with size of the input. (If there is a limit on the nesting level, the growth is still polynomial, unless further limits are imposed.)
</div><div class="para">
Consequently, the processing internal DTD subsets should be disabled if possible, and only trusted DTDs should be processed. If a particular XML application does not permit such restrictions, then application-specific limits are called for.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong>12.5. XML serialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong>12.5.3. XInclude processing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML.html"><strong>Prev</strong>13.5. XML serialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Next</strong>13.5.3. XInclude processing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
index 3052a18..84e9d3b 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.5. Using Expat for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.5. Using Expat for XML parsing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="12.5.4. Algorithmic complexity of XML validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="12.5.6. Using Qt for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
- By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 12.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 12.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="13.5.4. Algorithmic complexity of XML validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="13.5.6. Using Qt for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous">
<a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Expat"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.5. Using Expat for XML parsing</h3></div></div></div><div class="para">
+ By default, Expat does not try to resolve external IDs, so no steps are required to block them. However, internal entity declarations are processed. Installing a callback which stops parsing as soon as such entities are encountered disables them, see <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler">Example 13.1, “Disabling XML entity processing with Expat”</a>. Expat does not perform any validation, so there are no problems related to that.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-EntityDeclHandler"><h6>Example 13.1. Disabling XML entity processing with Expat</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Comment">// Stop the parser when an entity declaration is encountered.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span><span class="perl_DataType">static</span> <span class="perl_DataType">void</span>
EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
@@ -20,8 +20,8 @@ EntityDeclHandler(<span class="perl_DataType">void</span> *userData,
XML_StopParser((XML_Parser)userData, XML_FALSE);
}
</pre></div></div><br class="example-break" /><div class="para">
- This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 12.2, “Creating an Expat XML parser”</a>).
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 12.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ This handler must be installed when the <code class="literal">XML_Parser</code> object is created (<a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html#ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create">Example 13.2, “Creating an Expat XML parser”</a>).
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-Expat-Create"><h6>Example 13.2. Creating an Expat XML parser</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Keyword">if</span> (parser == NULL) {
fprintf(stderr, <span class="perl_String">"XML_ParserCreate failed</span><span class="perl_Char">\n</span><span class="perl_String">"</span>);
@@ -35,4 +35,4 @@ XML_Parser parser = XML_ParserCreate(<span class="perl_String">"UTF-8"</span>);
<span class="perl_Comment"></span>XML_SetEntityDeclHandler(parser, EntityDeclHandler);
</pre></div></div><br class="example-break" /><div class="para">
It is also possible to reject internal DTD subsets altogeher, using a suitable <code class="literal">XML_StartDoctypeDeclHandler</code> handler installed with <code class="function">XML_SetDoctypeDeclHandler</code>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong>12.5.4. Algorithmic complexity of XML validation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong>12.5.6. Using Qt for XML parsing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Prev</strong>13.5.4. Algorithmic complexity of XML validation</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Next</strong>13.5.6. Using Qt for XML parsing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
index e8cf115..fb43a57 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7.3. Other XML parsers in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.7.3. Other XML parsers in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="12.5.7.2. XML Schema validation in OpenJDK" /><link rel="next" href="ch12s06.html" title="12.6. Protocol Encoders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch12s06.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="13.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="13.5.7.2. XML Schema validation in OpenJDK" /><link rel="next" href="ch13s06.html" title="13.6. Protocol Encoders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a
accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ch13s06.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.3. Other XML parsers in OpenJDK</h4></div></div></div><div class="para">
OpenJDK contains additional XML parsing and processing facilities. Some of them are insecure.
</div><div class="para">
- The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="ch12s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 12.4, “Library support for deserialization”</a>.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong>12.5.7.2. XML Schema validation in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch12s06.html"><strong>Next</strong>12.6. Protocol Encoders</a></li></ul></body></html>
\ No newline at end of file
+ The class <span class="type">java.beans.XMLDecoder</span> acts as a bridge between the Java object serialization format and XML. It is close to impossible to securely deserialize Java objects in this format from untrusted inputs, so its use is not recommended, as with the Java object serialization format itself. See <a class="xref" href="ch13s04.html#sect-Defensive_Coding-Tasks-Serialization-Library">Section 13.4, “Library support for deserialization”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Prev</strong>13.5.7.2. XML Schema validation in OpenJDK</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ch13s06.html"><strong>Next</strong>13.6. Protocol Encoders</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
index 7c857a8..a2cdda3 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7.2. XML Schema validation in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.7.2. XML Schema validation in OpenJDK</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="12.5.7. Using OpenJDK for XML parsing and validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="12.5.7.3. Other XML parsers in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 12.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 12.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="13.5.7. Using OpenJDK for XML parsing and validation" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html" title="13.5.7. Using OpenJDK for XML parsing and validation" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html" title="13.5.7.3. Other XML parsers in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.2. XML Schema validation in OpenJDK</h4></div></div></div><div class="para">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX">Example 13.10, “SAX-based validation against an XML schema in OpenJDK”</a> shows how to validate a document against an XML Schema, using a SAX-based approach. The XML data is read from an <code class="literal">java.io.InputStream</code> in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_SAX"><h6>Example 13.10. SAX-based validation against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -30,10 +30,10 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> SAXSource(<span class="perl_Keyword">new</span> InputSource(inputStream)));
</pre></div></div><br class="example-break" /><div class="para">
- The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 12.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
+ The <code class="literal">NoResourceResolver</code> class is defined in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver">Example 13.7, “Helper class to prevent schema resolution in OpenJDK”</a>.
</div><div class="para">
- If you need to validate a document against an XML schema, use the code in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 12.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 12.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ If you need to validate a document against an XML schema, use the code in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 13.9, “DOM-based XML parsing in OpenJDK”</a> to create the document, but do not enable validation at this point. Then use <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM">Example 13.11, “Validation of a DOM document against an XML schema in OpenJDK”</a> to perform the schema-based validation on the <code class="literal">org.w3c.dom.Document</code> instance <code class="literal">document</code>.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-XMLSchema_DOM"><h6>Example 13.11. Validation of a DOM document against an XML schema in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
SchemaFactory factory = SchemaFactory.<span class="perl_Function">newInstance</span>(
XMLConstants.<span class="perl_Function">W3C_XML_SCHEMA_NS_URI</span>);
@@ -51,4 +51,4 @@ Validator validator = schema.<span class="perl_Function">newValidator</span>();
<span class="perl_Comment">// This prevents external resource resolution.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>validator.<span class="perl_Function">setResourceResolver</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">NoResourceResolver</span>());
validator.<span class="perl_Function">validate</span>(<span class="perl_Keyword">new</span> DOMSource(document));
-</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong>12.5.7. Using OpenJDK for XML parsing and validat...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong>12.5.7.3. Other XML parsers in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+</pre></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html"><strong>Prev</strong>13.5.7. Using OpenJDK for XML parsing and validat...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-Other.html"><strong>Next</strong>13.5.7.3. Other XML parsers in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
index 46fa964..6ffc806 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html
@@ -1,18 +1,18 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.7. Using OpenJDK for XML parsing and validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.7. Using OpenJDK for XML parsing and validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="12.5.6. Using Qt for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="12.5.7.2. XML Schema validation in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html" title="13.5.6. Using Qt for XML parsing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html" title="13.5.7.2. XML Schema validation in OpenJDK" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.7. Using OpenJDK for XML parsing and validation</h3></div></div></div><div class="para">
OpenJDK contains facilities for DOM-based, SAX-based, and StAX-based document parsing. Documents can be validated against DTDs or XML schemas.
</div><div class="para">
- The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">Section 12.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
+ The approach taken to deal with entity expansion differs from the general recommendation in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html">Section 13.5.2, “Entity expansion”</a>. We enable the the feature flag <code class="literal">javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING</code>, which enforces heuristic restrictions on the number of entity expansions. Note that this flag alone does not prevent resolution of external references (system IDs or public IDs), so it is slightly misnamed.
</div><div class="para">
In the following sections, we use helper classes to prevent external ID resolution.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 12.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver"><h6>Example 13.6. Helper class to prevent DTD external entity resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoEntityResolver <span class="perl_Keyword">implements</span> EntityResolver {
@Override
<span class="perl_Keyword">public</span> InputSource <span class="perl_Function">resolveEntity</span>(String publicId, String systemId)
@@ -22,7 +22,7 @@
<span class="perl_Function"></span> <span class="perl_String">"attempt to resolve </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String"> </span><span class="perl_Char">\"</span><span class="perl_String">%s</span><span class="perl_Char">\"</span><span class="perl_String">"</span>, publicId, systemId));
}
}
-</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 12.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoResourceResolver"><h6>Example 13.7. Helper class to prevent schema resolution in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">class</span> NoResourceResolver <span class="perl_Keyword">implements</span> LSResourceResolver {
@Override
<span class="perl_Keyword">public</span> LSInput <span class="perl_Function">resolveResource</span>(String type, String namespaceURI,
@@ -35,8 +35,8 @@
}
}
</pre></div></div><br class="example-break" /><div class="para">
- <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 12.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 12.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+ <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports">Example 13.8, “Java imports for OpenJDK XML parsing”</a> shows the imports used by the examples.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-Imports"><h6>Example 13.8. Java imports for OpenJDK XML parsing</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
<span class="perl_Keyword">import</span> javax.xml.XMLConstants;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilder;
<span class="perl_Keyword">import</span> javax.xml.parsers.DocumentBuilderFactory;
@@ -58,9 +58,9 @@
<span class="perl_Keyword">import</span> org.xml.sax.SAXException;
<span class="perl_Keyword">import</span> org.xml.sax.SAXParseException;
<span class="perl_Keyword">import org.xml.sax.XMLReader;</span>
-</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">12.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
- This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 12.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
- </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 12.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
+</pre></div></div><br class="example-break" /><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><div class="titlepage"><div><div keep-together.within-column="always"><h4 class="title">13.5.7.1. DOM-based XML parsing and DTD validation in OpenJDK</h4></div></div></div><div class="para">
+ This approach produces a <code class="literal">org.w3c.dom.Document</code> object from an input stream. <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM">Example 13.9, “DOM-based XML parsing in OpenJDK”</a> use the data from the <code class="literal">java.io.InputStream</code> instance in the <code class="literal">inputStream</code> variable.
+ </div><div class="example" id="ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-DOM"><h6>Example 13.9. DOM-based XML parsing in OpenJDK</h6><div class="example-contents"><pre xml:lang="en-US" class="programlisting" lang="en-US">
DocumentBuilderFactory factory = DocumentBuilderFactory.<span class="perl_Function">newInstance</span>();
<span class="perl_Comment">// Impose restrictions on the complexity of the DTD.</span><span class="perl_Comment"></span>
<span class="perl_Comment"></span>factory.<span class="perl_Function">setFeature</span>(XMLConstants.<span class="perl_Function">FEATURE_SECURE_PROCESSING</span>, <span class="perl_Keyword">true</span>);
@@ -75,7 +75,7 @@ builder.<span class="perl_Function">setEntityResolver</span>(<span class="perl_K
builder.<span class="perl_Function">setErrorHandler</span>(<span class="perl_Keyword">new</span> <span class="perl_Function">Errors</span>());
Document document = builder.<span class="perl_Function">parse</span>(inputStream);
</pre></div></div><br class="example-break" /><div class="para">
- External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 12.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
+ External entity references are prohibited using the <code class="literal">NoEntityResolver</code> class in <a class="xref" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse.html#ex-Defensive_Coding-Tasks-Serialization-XML-OpenJDK-NoEntityResolver">Example 13.6, “Helper class to prevent DTD external entity resolution in OpenJDK”</a>. Because external DTD references are prohibited, DTD validation (if enabled) will only happen against the internal DTD subset embedded in the XML document.
</div><div class="para">
To validate the document against an external DTD, use a <code class="literal">javax.xml.transform.Transformer</code> class to add the DTD reference to the document, and an entity resolver which whitelists this external reference.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong>12.5.6. Using Qt for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong>12.5.7.2. XML Schema validation in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-Qt.html"><strong>Prev</strong>13.5.6. Using Qt for XML parsing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-OpenJDK_Parse-SAX.html"><strong>Next</strong>13.5.7.2. XML Schema validation in OpenJDK</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
index 11f2f3e..476d02f 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.4. Algorithmic complexity of XML validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.4. Algorithmic complexity of XML validation</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="12.5.3. XInclude processing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="12.5.5. Using Expat for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html" title="13.5.3. XInclude processing" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html" title="13.5.5. Using Expat for XML parsing" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey=
"p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-Validation"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.4. Algorithmic complexity of XML validation</h3></div></div></div><div class="para">
DTD-based XML validation uses regular expressions for content models. The XML specification requires that content models are deterministic, which means that efficient validation is possible. However, some implementations do not enforce determinism, and require exponential (or just polynomial) amount of space or time for validating some DTD/document combinations.
</div><div class="para">
XML schemas and RELAX NG (via the <code class="literal">xsd:</code> prefix) directly support textual regular expressions which are not required to be deterministic.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong>12.5.3. XInclude processing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong>12.5.5. Using Expat for XML parsing</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html"><strong>Prev</strong>13.5.3. XInclude processing</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Expat.html"><strong>Next</strong>13.5.5. Using Expat for XML parsing</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
index 679c16b..ea6f1c5 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML-XInclude.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5.3. XInclude processing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5.3. XInclude processing</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="12.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="12.5.2. Entity expansion" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="12.5.4. Algorithmic complexity of XML validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.3. XInclude processing</h3></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="sect-Defensive_Coding-Tasks-Serialization-XML.html" title="13.5. XML serialization" /><link rel="prev" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="13.5.2. Entity expansion" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html" title="13.5.4. Algorithmic complexity of XML validation" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-XInclude"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.3. XInclude processing</h3></div></div></div><div class="para">
XInclude processing can reference file and network resources and include them into the document, much like external entity references. When parsing untrusted XML documents, XInclude processing should be truned off.
</div><div class="para">
XInclude processing is also fairly complex and may pull in support for the XPointer and XPath specifications, considerably increasing the amount of code required for XML processing.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong>12.5.2. Entity expansion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong>12.5.4. Algorithmic complexity of XML validation</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Prev</strong>13.5.2. Entity expansion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Validation.html"><strong>Next</strong>13.5.4. Algorithmic complexity of XML validation</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
index 8a33af7..b334dce 100644
--- a/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
+++ b/public_html/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Tasks-Serialization-XML.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.5. XML serialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5. XML serialization</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Fedora_Security_Team-Defensive_Coding-1-en-US-1-1" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora_Security_Team');
addID('Fedora_Security_Team.1');
addID('Fedora_Security_Team.1.books');
addID('Fedora_Security_Team.1.Defensive_Coding');
- </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 12. Serialization and Deserialization" /><link rel="prev" href="ch12s04.html" title="12.4. Library support for deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="12.5.2. Entity expansion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s04.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">12.5. XML serialization</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="Defensive Coding" /><link rel="up" href="chap-Defensive_Coding-Tasks-Serialization.html" title="Chapter 13. Serialization and Deserialization" /><link rel="prev" href="ch13s04.html" title="13.4. Library support for deserialization" /><link rel="next" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html" title="13.5.2. Entity expansion" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s04.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML"><div class="titlepage"><div><div keep-together.within-column="always"><h2 class="title">13.5. XML serialization</h2></div></div></div><div class="para">
- </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">12.5.1. External references</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Defensive_Coding-Tasks-Serialization-XML-External"><div class="titlepage"><div><div keep-together.within-column="always"><h3 class="title">13.5.1. External references</h3></div></div></div><div class="para">
XML documents can contain external references. They can occur in various places.
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
In the DTD declaration in the header of an XML document:
@@ -34,4 +34,4 @@
Originally, these external references were intended as unique identifiers, but by many XML implementations, they are used for locating the data for the referenced element. This causes unwanted network traffic, and may disclose file system contents or otherwise unreachable network resources, so this functionality should be disabled.
</div><div class="para">
Depending on the XML library, external referenced might be processed not just when parsing XML, but also when generating it.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch12s04.html"><strong>Prev</strong>12.4. Library support for deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong>12.5.2. Entity expansion</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ch13s04.html"><strong>Prev</strong>13.4. Library support for deserialization</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Defensive_Coding-Tasks-Serialization-XML-Entities.html"><strong>Next</strong>13.5.2. Entity expansion</a></li></ul></body></html>
\ No newline at end of file
diff --git a/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf b/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf
index 4badc6e..4e5df49 100644
Binary files a/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf and b/public_html/en-US/Fedora_Security_Team/1/pdf/Defensive_Coding/Fedora_Security_Team-1-Defensive_Coding-en-US.pdf differ
diff --git a/public_html/en-US/opds-Community_Services_Infrastructure.xml b/public_html/en-US/opds-Community_Services_Infrastructure.xml
index 0b26cdc..80959fc 100644
--- a/public_html/en-US/opds-Community_Services_Infrastructure.xml
+++ b/public_html/en-US/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora.xml b/public_html/en-US/opds-Fedora.xml
index fbfa0e2..d60b40d 100644
--- a/public_html/en-US/opds-Fedora.xml
+++ b/public_html/en-US/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
index ccfccb6..e5557fa 100644
--- a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Core.xml b/public_html/en-US/opds-Fedora_Core.xml
index 58e6e4d..8485cc8 100644
--- a/public_html/en-US/opds-Fedora_Core.xml
+++ b/public_html/en-US/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Documentation.xml b/public_html/en-US/opds-Fedora_Documentation.xml
index b13523f..4169fbf 100644
--- a/public_html/en-US/opds-Fedora_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Draft_Documentation.xml b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
index 465e5aa..0590a73 100644
--- a/public_html/en-US/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Security_Team.xml b/public_html/en-US/opds-Fedora_Security_Team.xml
index 620c653..021ac11 100644
--- a/public_html/en-US/opds-Fedora_Security_Team.xml
+++ b/public_html/en-US/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>en-US</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/en-US/opds.xml b/public_html/en-US/opds.xml
index 1fb1420..f19b4e3 100644
--- a/public_html/en-US/opds.xml
+++ b/public_html/en-US/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/en-US/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/en-US/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/es-ES/opds-Community_Services_Infrastructure.xml b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
index 864a2ab..3507760 100644
--- a/public_html/es-ES/opds-Community_Services_Infrastructure.xml
+++ b/public_html/es-ES/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora.xml b/public_html/es-ES/opds-Fedora.xml
index bf5d565..fd6d9a2 100644
--- a/public_html/es-ES/opds-Fedora.xml
+++ b/public_html/es-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
index 8db2dd1..d96e61e 100644
--- a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Documentación de Contribuyente</title>
<subtitle>Fedora Documentación de Contribuyente</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Core.xml b/public_html/es-ES/opds-Fedora_Core.xml
index 18453d6..d8f09be 100644
--- a/public_html/es-ES/opds-Fedora_Core.xml
+++ b/public_html/es-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Documentation.xml b/public_html/es-ES/opds-Fedora_Documentation.xml
index bc75cfc..4784bfb 100644
--- a/public_html/es-ES/opds-Fedora_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
index 0017f67..ecc1d7d 100644
--- a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Security_Team.xml b/public_html/es-ES/opds-Fedora_Security_Team.xml
index 7cc5e4c..cee6108 100644
--- a/public_html/es-ES/opds-Fedora_Security_Team.xml
+++ b/public_html/es-ES/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>es-ES</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/es-ES/opds.xml b/public_html/es-ES/opds.xml
index 270512c..ebea38b 100644
--- a/public_html/es-ES/opds.xml
+++ b/public_html/es-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/es-ES/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/es-ES/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Documentación de Contribuyente</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
index 257dcc7..9480957 100644
--- a/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fa-IR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora.xml b/public_html/fa-IR/opds-Fedora.xml
index 7e945d6..6f92db8 100644
--- a/public_html/fa-IR/opds-Fedora.xml
+++ b/public_html/fa-IR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
index 4924659..4004780 100644
--- a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Contributor_Documentation.xml</id>
<title>مستندات مشارکت کننده فدورا</title>
<subtitle>مستندات مشارکت کننده فدورا</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Core.xml b/public_html/fa-IR/opds-Fedora_Core.xml
index d478b9b..a653b0c 100644
--- a/public_html/fa-IR/opds-Fedora_Core.xml
+++ b/public_html/fa-IR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Documentation.xml b/public_html/fa-IR/opds-Fedora_Documentation.xml
index a320170..fb40a3e 100644
--- a/public_html/fa-IR/opds-Fedora_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
index 711869b..eb8236a 100644
--- a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Security_Team.xml b/public_html/fa-IR/opds-Fedora_Security_Team.xml
index 34508a5..60e0450 100644
--- a/public_html/fa-IR/opds-Fedora_Security_Team.xml
+++ b/public_html/fa-IR/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>fa-IR</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fa-IR/opds.xml b/public_html/fa-IR/opds.xml
index 658fde5..9c943ef 100644
--- a/public_html/fa-IR/opds.xml
+++ b/public_html/fa-IR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fa-IR/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fa-IR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>مستندات مشارکت کننده فدورا</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
index 104a9e9..88a4c82 100644
--- a/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fi-FI/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora.xml b/public_html/fi-FI/opds-Fedora.xml
index fb35b28..c832a68 100644
--- a/public_html/fi-FI/opds-Fedora.xml
+++ b/public_html/fi-FI/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
index 8fb9f51..431f771 100644
--- a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Core.xml b/public_html/fi-FI/opds-Fedora_Core.xml
index 9225bea..b266ac8 100644
--- a/public_html/fi-FI/opds-Fedora_Core.xml
+++ b/public_html/fi-FI/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Documentation.xml b/public_html/fi-FI/opds-Fedora_Documentation.xml
index a1778df..f4a53f3 100644
--- a/public_html/fi-FI/opds-Fedora_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
index 7edaae9..137ee4a 100644
--- a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Security_Team.xml b/public_html/fi-FI/opds-Fedora_Security_Team.xml
index c1f1b4e..907c1d2 100644
--- a/public_html/fi-FI/opds-Fedora_Security_Team.xml
+++ b/public_html/fi-FI/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>fi-FI</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fi-FI/opds.xml b/public_html/fi-FI/opds.xml
index d050d69..7b2ad8e 100644
--- a/public_html/fi-FI/opds.xml
+++ b/public_html/fi-FI/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fi-FI/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fi-FI/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
index eb0be27..09d471c 100644
--- a/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/fr-FR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora.xml b/public_html/fr-FR/opds-Fedora.xml
index 158a800..4689894 100644
--- a/public_html/fr-FR/opds-Fedora.xml
+++ b/public_html/fr-FR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
index a46455a..4f91a34 100644
--- a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Core.xml b/public_html/fr-FR/opds-Fedora_Core.xml
index c45fd61..1a17077 100644
--- a/public_html/fr-FR/opds-Fedora_Core.xml
+++ b/public_html/fr-FR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Documentation.xml b/public_html/fr-FR/opds-Fedora_Documentation.xml
index 35628d9..f848fcd 100644
--- a/public_html/fr-FR/opds-Fedora_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
index 5151fb0..07cbf77 100644
--- a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Security_Team.xml b/public_html/fr-FR/opds-Fedora_Security_Team.xml
index 1dc3a48..81fd424 100644
--- a/public_html/fr-FR/opds-Fedora_Security_Team.xml
+++ b/public_html/fr-FR/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>fr-FR</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fr-FR/opds.xml b/public_html/fr-FR/opds.xml
index 61a3b1d..2a6abb7 100644
--- a/public_html/fr-FR/opds.xml
+++ b/public_html/fr-FR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fr-FR/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/fr-FR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
index 63daaff..8aa5692 100644
--- a/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/gu-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora.xml b/public_html/gu-IN/opds-Fedora.xml
index 71f0064..fec5ba6 100644
--- a/public_html/gu-IN/opds-Fedora.xml
+++ b/public_html/gu-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
index bf3b1ce..4ae0d95 100644
--- a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Core.xml b/public_html/gu-IN/opds-Fedora_Core.xml
index 804c2a7..a8543c4 100644
--- a/public_html/gu-IN/opds-Fedora_Core.xml
+++ b/public_html/gu-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Documentation.xml b/public_html/gu-IN/opds-Fedora_Documentation.xml
index 964f5fc..b09d2a5 100644
--- a/public_html/gu-IN/opds-Fedora_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
index 3f94637..0051780 100644
--- a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Security_Team.xml b/public_html/gu-IN/opds-Fedora_Security_Team.xml
index fe16c80..cda6fcd 100644
--- a/public_html/gu-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/gu-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>gu-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/gu-IN/opds.xml b/public_html/gu-IN/opds.xml
index 80db5aa..31232c2 100644
--- a/public_html/gu-IN/opds.xml
+++ b/public_html/gu-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/gu-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/gu-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/he-IL/opds-Community_Services_Infrastructure.xml b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
index e213f4f..ed00601 100644
--- a/public_html/he-IL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/he-IL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora.xml b/public_html/he-IL/opds-Fedora.xml
index a0d45f6..63a43a5 100644
--- a/public_html/he-IL/opds-Fedora.xml
+++ b/public_html/he-IL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
index 1fe9a7d..d912a70 100644
--- a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Core.xml b/public_html/he-IL/opds-Fedora_Core.xml
index bb505b2..511e757 100644
--- a/public_html/he-IL/opds-Fedora_Core.xml
+++ b/public_html/he-IL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Documentation.xml b/public_html/he-IL/opds-Fedora_Documentation.xml
index 90b564d..cdc1862 100644
--- a/public_html/he-IL/opds-Fedora_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
index 65dabfc..1be91fc 100644
--- a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Security_Team.xml b/public_html/he-IL/opds-Fedora_Security_Team.xml
index 368b936..3f3723e 100644
--- a/public_html/he-IL/opds-Fedora_Security_Team.xml
+++ b/public_html/he-IL/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>he-IL</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/he-IL/opds.xml b/public_html/he-IL/opds.xml
index 9499deb..3188217 100644
--- a/public_html/he-IL/opds.xml
+++ b/public_html/he-IL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/he-IL/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/he-IL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
index 5505920..4efd325 100644
--- a/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hi-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora.xml b/public_html/hi-IN/opds-Fedora.xml
index faf37d3..aa9d370 100644
--- a/public_html/hi-IN/opds-Fedora.xml
+++ b/public_html/hi-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
index fd6a63d..9d2e627 100644
--- a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Core.xml b/public_html/hi-IN/opds-Fedora_Core.xml
index 4e5b0be..bb882f8 100644
--- a/public_html/hi-IN/opds-Fedora_Core.xml
+++ b/public_html/hi-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Documentation.xml b/public_html/hi-IN/opds-Fedora_Documentation.xml
index 3385f96..53e8d3b 100644
--- a/public_html/hi-IN/opds-Fedora_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
index 2f63682..40398d0 100644
--- a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Security_Team.xml b/public_html/hi-IN/opds-Fedora_Security_Team.xml
index b103bc1..39c8b61 100644
--- a/public_html/hi-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/hi-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>hi-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/hi-IN/opds.xml b/public_html/hi-IN/opds.xml
index 5825c90..fa04893 100644
--- a/public_html/hi-IN/opds.xml
+++ b/public_html/hi-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hi-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hi-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
index efa4ba6..e750f73 100644
--- a/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/hu-HU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora.xml b/public_html/hu-HU/opds-Fedora.xml
index 200fb43..5b656ce 100644
--- a/public_html/hu-HU/opds-Fedora.xml
+++ b/public_html/hu-HU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
index b69a15a..b929c8c 100644
--- a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Core.xml b/public_html/hu-HU/opds-Fedora_Core.xml
index bd18de2..b2d77a9 100644
--- a/public_html/hu-HU/opds-Fedora_Core.xml
+++ b/public_html/hu-HU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Documentation.xml b/public_html/hu-HU/opds-Fedora_Documentation.xml
index bb93cfb..688c64c 100644
--- a/public_html/hu-HU/opds-Fedora_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
index 3b6fca0..85aa869 100644
--- a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Security_Team.xml b/public_html/hu-HU/opds-Fedora_Security_Team.xml
index 978eaf8..9dafbf9 100644
--- a/public_html/hu-HU/opds-Fedora_Security_Team.xml
+++ b/public_html/hu-HU/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>hu-HU</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/hu-HU/opds.xml b/public_html/hu-HU/opds.xml
index 45b23d2..31e5de7 100644
--- a/public_html/hu-HU/opds.xml
+++ b/public_html/hu-HU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hu-HU/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/hu-HU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ia/opds-Community_Services_Infrastructure.xml b/public_html/ia/opds-Community_Services_Infrastructure.xml
index 1078c22..6e79b1f 100644
--- a/public_html/ia/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ia/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora.xml b/public_html/ia/opds-Fedora.xml
index b52fe21..972f1dd 100644
--- a/public_html/ia/opds-Fedora.xml
+++ b/public_html/ia/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Contributor_Documentation.xml b/public_html/ia/opds-Fedora_Contributor_Documentation.xml
index fdd2b27..6982a27 100644
--- a/public_html/ia/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Core.xml b/public_html/ia/opds-Fedora_Core.xml
index 328faf4..9b01a77 100644
--- a/public_html/ia/opds-Fedora_Core.xml
+++ b/public_html/ia/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Documentation.xml b/public_html/ia/opds-Fedora_Documentation.xml
index 366a1da..bc64c44 100644
--- a/public_html/ia/opds-Fedora_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Draft_Documentation.xml b/public_html/ia/opds-Fedora_Draft_Documentation.xml
index 690ef20..06a482a 100644
--- a/public_html/ia/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ia/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ia/opds-Fedora_Security_Team.xml b/public_html/ia/opds-Fedora_Security_Team.xml
index 4535a24..0c73a68 100644
--- a/public_html/ia/opds-Fedora_Security_Team.xml
+++ b/public_html/ia/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ia/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ia</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ia/opds.xml b/public_html/ia/opds.xml
index 12cbdc7..86203ca 100644
--- a/public_html/ia/opds.xml
+++ b/public_html/ia/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ia/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ia/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ia/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ia/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/id-ID/opds-Community_Services_Infrastructure.xml b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
index d2aa70e..c7f5d7c 100644
--- a/public_html/id-ID/opds-Community_Services_Infrastructure.xml
+++ b/public_html/id-ID/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora.xml b/public_html/id-ID/opds-Fedora.xml
index 95f3512..1693e26 100644
--- a/public_html/id-ID/opds-Fedora.xml
+++ b/public_html/id-ID/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
index 020bf50..c3a589d 100644
--- a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Core.xml b/public_html/id-ID/opds-Fedora_Core.xml
index 8aafd6d..846ad12 100644
--- a/public_html/id-ID/opds-Fedora_Core.xml
+++ b/public_html/id-ID/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Documentation.xml b/public_html/id-ID/opds-Fedora_Documentation.xml
index 6505e40..9dfc67e 100644
--- a/public_html/id-ID/opds-Fedora_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
index 904a5e1..9f60bd8 100644
--- a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Security_Team.xml b/public_html/id-ID/opds-Fedora_Security_Team.xml
index 1272ae6..5968a93 100644
--- a/public_html/id-ID/opds-Fedora_Security_Team.xml
+++ b/public_html/id-ID/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>id-ID</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/id-ID/opds.xml b/public_html/id-ID/opds.xml
index 36e945f..6d25db9 100644
--- a/public_html/id-ID/opds.xml
+++ b/public_html/id-ID/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/id-ID/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/id-ID/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/index.html b/public_html/index.html
index 039a9d2..9100bfd 100644
--- a/public_html/index.html
+++ b/public_html/index.html
@@ -16,7 +16,7 @@
lang = window.navigator.language;
var match = 0;
- var locales = ["as-IN","bg-BG","bn-IN","bs-BA","ca-ES","cs-CZ","da-DK","de-DE","el-GR","en-US","es-ES","fa-IR","fi-FI","fr-FR","gu-IN","he-IL","hi-IN","hu-HU","ia","id-ID","it-IT","ja-JP","kn-IN","ko-KR","lt-LT","ml-IN","mr-IN","nb-NO","nl-NL","or-IN","pa-IN","pl-PL","pt-BR","pt-PT","ro-RO","ru-RU","sk-SK","sr-Latn-RS","sr-RS","sv-SE","ta-IN","te-IN","uk-UA","zh-CN","zh-TW"];
+ var locales = ["as-IN","bg-BG","bn-IN","bs-BA","ca-ES","cs-CZ","da-DK","de-DE","el-GR","en-US","es-ES","fa-IR","fi-FI","fr-FR","gu-IN","he-IL","hi-IN","hu-HU","ia","id-ID","it-IT","ja-JP","kn-IN","ko-KR","lt-LT","ml-IN","mr-IN","nb-NO","nl-NL","or-IN","pa-IN","pl-PL","pt-BR","pt-PT","ro","ru-RU","sk-SK","sr-Latn-RS","sr-RS","sv-SE","ta-IN","te-IN","uk-UA","zh-CN","zh-TW"];
if(lang) {
// Try for full match of lang_LOC
diff --git a/public_html/it-IT/opds-Community_Services_Infrastructure.xml b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
index e1f8c34..126ccf8 100644
--- a/public_html/it-IT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/it-IT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora.xml b/public_html/it-IT/opds-Fedora.xml
index 78f6952..d13597b 100644
--- a/public_html/it-IT/opds-Fedora.xml
+++ b/public_html/it-IT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
index 30cc6ed..4a8f51e 100644
--- a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Documentazione Collaboratori Fedora</title>
<subtitle>Documentazione Collaboratori Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Core.xml b/public_html/it-IT/opds-Fedora_Core.xml
index 4346ee7..3ab3917 100644
--- a/public_html/it-IT/opds-Fedora_Core.xml
+++ b/public_html/it-IT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Documentation.xml b/public_html/it-IT/opds-Fedora_Documentation.xml
index 6349315..5c0819f 100644
--- a/public_html/it-IT/opds-Fedora_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
index 9ec9414..7c2b1ed 100644
--- a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Security_Team.xml b/public_html/it-IT/opds-Fedora_Security_Team.xml
index 2071755..d1d2e8f 100644
--- a/public_html/it-IT/opds-Fedora_Security_Team.xml
+++ b/public_html/it-IT/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>it-IT</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/it-IT/opds.xml b/public_html/it-IT/opds.xml
index eb44823..dd38a3c 100644
--- a/public_html/it-IT/opds.xml
+++ b/public_html/it-IT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/it-IT/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/it-IT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Documentazione Collaboratori Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
index c86f7af..c3b3826 100644
--- a/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ja-JP/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora.xml b/public_html/ja-JP/opds-Fedora.xml
index 0bd5960..d08a8c7 100644
--- a/public_html/ja-JP/opds-Fedora.xml
+++ b/public_html/ja-JP/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
index 6130595..8cc3bf1 100644
--- a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora コントリビュータ用ドキュメント</title>
<subtitle>Fedora コントリビュータ用ドキュメント</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Core.xml b/public_html/ja-JP/opds-Fedora_Core.xml
index 60b0857..02d03d5 100644
--- a/public_html/ja-JP/opds-Fedora_Core.xml
+++ b/public_html/ja-JP/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Documentation.xml b/public_html/ja-JP/opds-Fedora_Documentation.xml
index a0b0f36..029ee52 100644
--- a/public_html/ja-JP/opds-Fedora_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
index 558bfb2..de2f937 100644
--- a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Security_Team.xml b/public_html/ja-JP/opds-Fedora_Security_Team.xml
index 42bf0ff..a6013e7 100644
--- a/public_html/ja-JP/opds-Fedora_Security_Team.xml
+++ b/public_html/ja-JP/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ja-JP</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ja-JP/opds.xml b/public_html/ja-JP/opds.xml
index 83397af..5a3c3b0 100644
--- a/public_html/ja-JP/opds.xml
+++ b/public_html/ja-JP/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ja-JP/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ja-JP/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora コントリビュータ用ドキュメント</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
index d4bdae4..ef9008d 100644
--- a/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/kn-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora.xml b/public_html/kn-IN/opds-Fedora.xml
index 768f74e..09fac44 100644
--- a/public_html/kn-IN/opds-Fedora.xml
+++ b/public_html/kn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
index 1c40cd6..e7fc169 100644
--- a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Core.xml b/public_html/kn-IN/opds-Fedora_Core.xml
index 1c796f8..affc11a 100644
--- a/public_html/kn-IN/opds-Fedora_Core.xml
+++ b/public_html/kn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Documentation.xml b/public_html/kn-IN/opds-Fedora_Documentation.xml
index fe9f378..04703d9 100644
--- a/public_html/kn-IN/opds-Fedora_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
index 9576cb9..ee5be33 100644
--- a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Security_Team.xml b/public_html/kn-IN/opds-Fedora_Security_Team.xml
index 5ffb85a..76a9583 100644
--- a/public_html/kn-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/kn-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>kn-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/kn-IN/opds.xml b/public_html/kn-IN/opds.xml
index 82094e9..4d564dd 100644
--- a/public_html/kn-IN/opds.xml
+++ b/public_html/kn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/kn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/kn-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
index 80a7a2c..e9144d1 100644
--- a/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ko-KR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora.xml b/public_html/ko-KR/opds-Fedora.xml
index c62e641..949aa44 100644
--- a/public_html/ko-KR/opds-Fedora.xml
+++ b/public_html/ko-KR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
index 5727a37..f5d694c 100644
--- a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Core.xml b/public_html/ko-KR/opds-Fedora_Core.xml
index 65298ba..cf06641 100644
--- a/public_html/ko-KR/opds-Fedora_Core.xml
+++ b/public_html/ko-KR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Documentation.xml b/public_html/ko-KR/opds-Fedora_Documentation.xml
index aa20fa8..5ff26a4 100644
--- a/public_html/ko-KR/opds-Fedora_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
index 317d7be..de558cb 100644
--- a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Security_Team.xml b/public_html/ko-KR/opds-Fedora_Security_Team.xml
index 5c86e88..291916f 100644
--- a/public_html/ko-KR/opds-Fedora_Security_Team.xml
+++ b/public_html/ko-KR/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ko-KR</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ko-KR/opds.xml b/public_html/ko-KR/opds.xml
index 8070629..19a8e9f 100644
--- a/public_html/ko-KR/opds.xml
+++ b/public_html/ko-KR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ko-KR/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ko-KR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/lt-LT/opds-Community_Services_Infrastructure.xml b/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
index d93b8d5..57fe06e 100644
--- a/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/lt-LT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora.xml b/public_html/lt-LT/opds-Fedora.xml
index e1595e8..29d0db6 100644
--- a/public_html/lt-LT/opds-Fedora.xml
+++ b/public_html/lt-LT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml b/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
index 82dc21d..7003130 100644
--- a/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Core.xml b/public_html/lt-LT/opds-Fedora_Core.xml
index 35d269a..f3c8654 100644
--- a/public_html/lt-LT/opds-Fedora_Core.xml
+++ b/public_html/lt-LT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Documentation.xml b/public_html/lt-LT/opds-Fedora_Documentation.xml
index b3905b7..a1e48e3 100644
--- a/public_html/lt-LT/opds-Fedora_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml b/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
index 34f2e83..805c195 100644
--- a/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/lt-LT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/lt-LT/opds-Fedora_Security_Team.xml b/public_html/lt-LT/opds-Fedora_Security_Team.xml
index 5e07679..a901122 100644
--- a/public_html/lt-LT/opds-Fedora_Security_Team.xml
+++ b/public_html/lt-LT/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/lt-LT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>lt-LT</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/lt-LT/opds.xml b/public_html/lt-LT/opds.xml
index f69b682..9086d08 100644
--- a/public_html/lt-LT/opds.xml
+++ b/public_html/lt-LT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/lt-LT/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/lt-LT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/lt-LT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
index 347c9c1..d180b3a 100644
--- a/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ml-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora.xml b/public_html/ml-IN/opds-Fedora.xml
index f18f64b..0c2f09d 100644
--- a/public_html/ml-IN/opds-Fedora.xml
+++ b/public_html/ml-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
index fb9c2f4..1ae00fd 100644
--- a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Core.xml b/public_html/ml-IN/opds-Fedora_Core.xml
index 60864a1..9f4a19f 100644
--- a/public_html/ml-IN/opds-Fedora_Core.xml
+++ b/public_html/ml-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Documentation.xml b/public_html/ml-IN/opds-Fedora_Documentation.xml
index dbb8667..71f00e7 100644
--- a/public_html/ml-IN/opds-Fedora_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
index 7a9ba8d..ed304bb 100644
--- a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Security_Team.xml b/public_html/ml-IN/opds-Fedora_Security_Team.xml
index fbcff40..f312113 100644
--- a/public_html/ml-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/ml-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ml-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ml-IN/opds.xml b/public_html/ml-IN/opds.xml
index 679e938..c68b455 100644
--- a/public_html/ml-IN/opds.xml
+++ b/public_html/ml-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ml-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ml-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
index 669f4ba..477108f 100644
--- a/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/mr-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora.xml b/public_html/mr-IN/opds-Fedora.xml
index 38f99ba..0f053e8 100644
--- a/public_html/mr-IN/opds-Fedora.xml
+++ b/public_html/mr-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
index 5a02f5a..ab699ad 100644
--- a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Core.xml b/public_html/mr-IN/opds-Fedora_Core.xml
index 254404b..80b9518 100644
--- a/public_html/mr-IN/opds-Fedora_Core.xml
+++ b/public_html/mr-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Documentation.xml b/public_html/mr-IN/opds-Fedora_Documentation.xml
index aec3df0..f64701f 100644
--- a/public_html/mr-IN/opds-Fedora_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
index 5c3b1a1..3e5a4ec 100644
--- a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Security_Team.xml b/public_html/mr-IN/opds-Fedora_Security_Team.xml
index 56e2e02..7c2e796 100644
--- a/public_html/mr-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/mr-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>mr-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/mr-IN/opds.xml b/public_html/mr-IN/opds.xml
index 86cf03c..71dab79 100644
--- a/public_html/mr-IN/opds.xml
+++ b/public_html/mr-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/mr-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/mr-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
index 98036cb..f9dffc6 100644
--- a/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nb-NO/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora.xml b/public_html/nb-NO/opds-Fedora.xml
index 4082193..34fabfa 100644
--- a/public_html/nb-NO/opds-Fedora.xml
+++ b/public_html/nb-NO/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
index 4883d35..f56653a 100644
--- a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Core.xml b/public_html/nb-NO/opds-Fedora_Core.xml
index 013ef8c..5a6d9ff 100644
--- a/public_html/nb-NO/opds-Fedora_Core.xml
+++ b/public_html/nb-NO/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Documentation.xml b/public_html/nb-NO/opds-Fedora_Documentation.xml
index daea2a1..1c8e474 100644
--- a/public_html/nb-NO/opds-Fedora_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
index 053f00b..3c1067e 100644
--- a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Security_Team.xml b/public_html/nb-NO/opds-Fedora_Security_Team.xml
index 80502b6..9796d62 100644
--- a/public_html/nb-NO/opds-Fedora_Security_Team.xml
+++ b/public_html/nb-NO/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>nb-NO</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/nb-NO/opds.xml b/public_html/nb-NO/opds.xml
index 645306d..d0a7ea9 100644
--- a/public_html/nb-NO/opds.xml
+++ b/public_html/nb-NO/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nb-NO/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nb-NO/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
index 37062cd..0ebc6be 100644
--- a/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/nl-NL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora.xml b/public_html/nl-NL/opds-Fedora.xml
index fe95eeb..6db2e43 100644
--- a/public_html/nl-NL/opds-Fedora.xml
+++ b/public_html/nl-NL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
index fae1f30..9844a8a 100644
--- a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Core.xml b/public_html/nl-NL/opds-Fedora_Core.xml
index 4ad7776..462b118 100644
--- a/public_html/nl-NL/opds-Fedora_Core.xml
+++ b/public_html/nl-NL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Documentation.xml b/public_html/nl-NL/opds-Fedora_Documentation.xml
index d2fc036..2d147ba 100644
--- a/public_html/nl-NL/opds-Fedora_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
index 56d23b4..4f30f33 100644
--- a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Security_Team.xml b/public_html/nl-NL/opds-Fedora_Security_Team.xml
index 627740d..f5cf7f7 100644
--- a/public_html/nl-NL/opds-Fedora_Security_Team.xml
+++ b/public_html/nl-NL/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>nl-NL</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/nl-NL/opds.xml b/public_html/nl-NL/opds.xml
index ae30356..1ea2a11 100644
--- a/public_html/nl-NL/opds.xml
+++ b/public_html/nl-NL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nl-NL/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/nl-NL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/opds.xml b/public_html/opds.xml
index 793292a..d0fbbb6 100644
--- a/public_html/opds.xml
+++ b/public_html/opds.xml
@@ -7,7 +7,7 @@
<link rel="start" href="http://docs.fedoraproject.org/opds.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<title>Fedora Documentation</title>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:58</updated>
<!--author>
<name></name>
<uri></uri>
@@ -16,7 +16,7 @@
<entry>
<title>অসমীয়া</title>
<id>as-IN/opds.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:39</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="as-IN/opds.xml"/>
@@ -24,7 +24,7 @@
<entry>
<title>български</title>
<id>bg-BG/opds.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bg-BG/opds.xml"/>
@@ -32,7 +32,7 @@
<entry>
<title>বাংলা</title>
<id>bn-IN/opds.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bn-IN/opds.xml"/>
@@ -40,7 +40,7 @@
<entry>
<title>Bosanski</title>
<id>bs-BA/opds.xml</id>
- <updated>2014-08-04T20:51:38</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bs-BA/opds.xml"/>
@@ -48,7 +48,7 @@
<entry>
<title>Català</title>
<id>ca-ES/opds.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:40</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ca-ES/opds.xml"/>
@@ -56,7 +56,7 @@
<entry>
<title>Čeština</title>
<id>cs-CZ/opds.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="cs-CZ/opds.xml"/>
@@ -64,7 +64,7 @@
<entry>
<title>Dansk</title>
<id>da-DK/opds.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="da-DK/opds.xml"/>
@@ -72,7 +72,7 @@
<entry>
<title>Deutsch</title>
<id>de-DE/opds.xml</id>
- <updated>2014-08-04T20:51:39</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="de-DE/opds.xml"/>
@@ -80,7 +80,7 @@
<entry>
<title>Ελληνικά</title>
<id>el-GR/opds.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="el-GR/opds.xml"/>
@@ -88,7 +88,7 @@
<entry>
<title>English</title>
<id>en-US/opds.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:41</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="en-US/opds.xml"/>
@@ -96,7 +96,7 @@
<entry>
<title>Español</title>
<id>es-ES/opds.xml</id>
- <updated>2014-08-04T20:51:40</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="es-ES/opds.xml"/>
@@ -104,7 +104,7 @@
<entry>
<title>فارسی</title>
<id>fa-IR/opds.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:42</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fa-IR/opds.xml"/>
@@ -112,7 +112,7 @@
<entry>
<title>Suomi</title>
<id>fi-FI/opds.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fi-FI/opds.xml"/>
@@ -120,7 +120,7 @@
<entry>
<title>Français</title>
<id>fr-FR/opds.xml</id>
- <updated>2014-08-04T20:51:41</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fr-FR/opds.xml"/>
@@ -128,7 +128,7 @@
<entry>
<title>ગુજરાતી</title>
<id>gu-IN/opds.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:43</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="gu-IN/opds.xml"/>
@@ -136,7 +136,7 @@
<entry>
<title>עברית</title>
<id>he-IL/opds.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="he-IL/opds.xml"/>
@@ -144,7 +144,7 @@
<entry>
<title>हिन्दी</title>
<id>hi-IN/opds.xml</id>
- <updated>2014-08-04T20:51:42</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hi-IN/opds.xml"/>
@@ -152,7 +152,7 @@
<entry>
<title>Magyar</title>
<id>hu-HU/opds.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:44</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hu-HU/opds.xml"/>
@@ -160,7 +160,7 @@
<entry>
<title>Interlingua (International Auxiliary Language Association)</title>
<id>ia/opds.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>ia</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ia/opds.xml"/>
@@ -168,7 +168,7 @@
<entry>
<title>Indonesia</title>
<id>id-ID/opds.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:45</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="id-ID/opds.xml"/>
@@ -176,7 +176,7 @@
<entry>
<title>Italiano</title>
<id>it-IT/opds.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:46</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="it-IT/opds.xml"/>
@@ -184,7 +184,7 @@
<entry>
<title>日本語</title>
<id>ja-JP/opds.xml</id>
- <updated>2014-08-04T20:51:43</updated>
+ <updated>2014-10-13T17:32:47</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ja-JP/opds.xml"/>
@@ -192,7 +192,7 @@
<entry>
<title>ಕನ್ನಡ</title>
<id>kn-IN/opds.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="kn-IN/opds.xml"/>
@@ -200,7 +200,7 @@
<entry>
<title>한국어</title>
<id>ko-KR/opds.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ko-KR/opds.xml"/>
@@ -208,7 +208,7 @@
<entry>
<title>Lithuanian</title>
<id>lt-LT/opds.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>lt-LT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="lt-LT/opds.xml"/>
@@ -216,7 +216,7 @@
<entry>
<title>മലയാളം</title>
<id>ml-IN/opds.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:48</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ml-IN/opds.xml"/>
@@ -224,7 +224,7 @@
<entry>
<title>मराठी</title>
<id>mr-IN/opds.xml</id>
- <updated>2014-08-04T20:51:44</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="mr-IN/opds.xml"/>
@@ -232,7 +232,7 @@
<entry>
<title>Norsk (bokmål)</title>
<id>nb-NO/opds.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:49</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nb-NO/opds.xml"/>
@@ -240,7 +240,7 @@
<entry>
<title>Nederlands</title>
<id>nl-NL/opds.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nl-NL/opds.xml"/>
@@ -248,7 +248,7 @@
<entry>
<title>ଓଡ଼ିଆ</title>
<id>or-IN/opds.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="or-IN/opds.xml"/>
@@ -256,7 +256,7 @@
<entry>
<title>ਪੰਜਾਬੀ</title>
<id>pa-IN/opds.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pa-IN/opds.xml"/>
@@ -264,7 +264,7 @@
<entry>
<title>Polski</title>
<id>pl-PL/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pl-PL/opds.xml"/>
@@ -272,7 +272,7 @@
<entry>
<title>Português Brasileiro</title>
<id>pt-BR/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-BR/opds.xml"/>
@@ -280,7 +280,7 @@
<entry>
<title>Português</title>
<id>pt-PT/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-PT/opds.xml"/>
@@ -288,7 +288,7 @@
<entry>
<title>Romanian</title>
<id>ro/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ro/opds.xml"/>
@@ -296,7 +296,7 @@
<entry>
<title>Русский</title>
<id>ru-RU/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ru-RU/opds.xml"/>
@@ -304,7 +304,7 @@
<entry>
<title>Slovenščina</title>
<id>sk-SK/opds.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sk-SK/opds.xml"/>
@@ -312,7 +312,7 @@
<entry>
<title>Srpski (latinica)</title>
<id>sr-Latn-RS/opds.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-Latn-RS/opds.xml"/>
@@ -320,7 +320,7 @@
<entry>
<title>Српски</title>
<id>sr-RS/opds.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-RS/opds.xml"/>
@@ -328,7 +328,7 @@
<entry>
<title>Svenska</title>
<id>sv-SE/opds.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sv-SE/opds.xml"/>
@@ -336,7 +336,7 @@
<entry>
<title>தமிழ்</title>
<id>ta-IN/opds.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ta-IN/opds.xml"/>
@@ -344,7 +344,7 @@
<entry>
<title>తెలుగు</title>
<id>te-IN/opds.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="te-IN/opds.xml"/>
@@ -352,7 +352,7 @@
<entry>
<title>Українська</title>
<id>uk-UA/opds.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="uk-UA/opds.xml"/>
@@ -360,7 +360,7 @@
<entry>
<title>简体中文</title>
<id>zh-CN/opds.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-CN/opds.xml"/>
@@ -368,7 +368,7 @@
<entry>
<title>繁體中文</title>
<id>zh-TW/opds.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-TW/opds.xml"/>
diff --git a/public_html/or-IN/opds-Community_Services_Infrastructure.xml b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
index 5695481..dfb3adb 100644
--- a/public_html/or-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/or-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora.xml b/public_html/or-IN/opds-Fedora.xml
index 6910caa..5c9fa6e 100644
--- a/public_html/or-IN/opds-Fedora.xml
+++ b/public_html/or-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
index d13fb4a..576be75 100644
--- a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Core.xml b/public_html/or-IN/opds-Fedora_Core.xml
index 75a1a27..9601632 100644
--- a/public_html/or-IN/opds-Fedora_Core.xml
+++ b/public_html/or-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Documentation.xml b/public_html/or-IN/opds-Fedora_Documentation.xml
index 09c02ab..ea75860 100644
--- a/public_html/or-IN/opds-Fedora_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
index 9fc1b80..664ca5f 100644
--- a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Security_Team.xml b/public_html/or-IN/opds-Fedora_Security_Team.xml
index 3087937..849fcee 100644
--- a/public_html/or-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/or-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>or-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/or-IN/opds.xml b/public_html/or-IN/opds.xml
index 1221ae2..55fd1f3 100644
--- a/public_html/or-IN/opds.xml
+++ b/public_html/or-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/or-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/or-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
index fb25d5c..79d0aa9 100644
--- a/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pa-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora.xml b/public_html/pa-IN/opds-Fedora.xml
index f6ecedf..47e9fbb 100644
--- a/public_html/pa-IN/opds-Fedora.xml
+++ b/public_html/pa-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
index 3a3e94c..8fec149 100644
--- a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Core.xml b/public_html/pa-IN/opds-Fedora_Core.xml
index 33930eb..5b909b1 100644
--- a/public_html/pa-IN/opds-Fedora_Core.xml
+++ b/public_html/pa-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Documentation.xml b/public_html/pa-IN/opds-Fedora_Documentation.xml
index de2c7eb..944020e 100644
--- a/public_html/pa-IN/opds-Fedora_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
index f9c234d..0da90d1 100644
--- a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Security_Team.xml b/public_html/pa-IN/opds-Fedora_Security_Team.xml
index 48486fc..ab2f414 100644
--- a/public_html/pa-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/pa-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>pa-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pa-IN/opds.xml b/public_html/pa-IN/opds.xml
index 93c2300..66f08f6 100644
--- a/public_html/pa-IN/opds.xml
+++ b/public_html/pa-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pa-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pa-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
index 6614726..338862d 100644
--- a/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pl-PL/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora.xml b/public_html/pl-PL/opds-Fedora.xml
index ec56078..c2a22aa 100644
--- a/public_html/pl-PL/opds-Fedora.xml
+++ b/public_html/pl-PL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
index 19ddfdd..5219f67 100644
--- a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Dokumentacja dla współtwórców Fedory</title>
<subtitle>Dokumentacja dla współtwórców Fedory</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Core.xml b/public_html/pl-PL/opds-Fedora_Core.xml
index b07bacb..63f997f 100644
--- a/public_html/pl-PL/opds-Fedora_Core.xml
+++ b/public_html/pl-PL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Documentation.xml b/public_html/pl-PL/opds-Fedora_Documentation.xml
index 1d4f145..a8c3730 100644
--- a/public_html/pl-PL/opds-Fedora_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
index fb73653..cb2da98 100644
--- a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Security_Team.xml b/public_html/pl-PL/opds-Fedora_Security_Team.xml
index 56a73b5..771f9a8 100644
--- a/public_html/pl-PL/opds-Fedora_Security_Team.xml
+++ b/public_html/pl-PL/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>pl-PL</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pl-PL/opds.xml b/public_html/pl-PL/opds.xml
index 64bc00d..8a60077 100644
--- a/public_html/pl-PL/opds.xml
+++ b/public_html/pl-PL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pl-PL/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pl-PL/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:50</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Dokumentacja dla współtwórców Fedory</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:45</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
index ca73775..a0e56bc 100644
--- a/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-BR/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora.xml b/public_html/pt-BR/opds-Fedora.xml
index 338ab88..23146fc 100644
--- a/public_html/pt-BR/opds-Fedora.xml
+++ b/public_html/pt-BR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
index 54b8b4c..0125969 100644
--- a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Core.xml b/public_html/pt-BR/opds-Fedora_Core.xml
index c1eabf0..f8e4a3e 100644
--- a/public_html/pt-BR/opds-Fedora_Core.xml
+++ b/public_html/pt-BR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Documentation.xml b/public_html/pt-BR/opds-Fedora_Documentation.xml
index 7b7ea05..2a3485a 100644
--- a/public_html/pt-BR/opds-Fedora_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
index 8764527..3698cc8 100644
--- a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Security_Team.xml b/public_html/pt-BR/opds-Fedora_Security_Team.xml
index 1a538d9..9df077f 100644
--- a/public_html/pt-BR/opds-Fedora_Security_Team.xml
+++ b/public_html/pt-BR/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>pt-BR</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pt-BR/opds.xml b/public_html/pt-BR/opds.xml
index 1a37bf5..407ea75 100644
--- a/public_html/pt-BR/opds.xml
+++ b/public_html/pt-BR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-BR/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-BR/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:51</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
index 9d62a64..b27d5c2 100644
--- a/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
+++ b/public_html/pt-PT/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora.xml b/public_html/pt-PT/opds-Fedora.xml
index bb3208f..7201a07 100644
--- a/public_html/pt-PT/opds-Fedora.xml
+++ b/public_html/pt-PT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
index 295f128..09e8265 100644
--- a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Core.xml b/public_html/pt-PT/opds-Fedora_Core.xml
index 720e7e2..672291e 100644
--- a/public_html/pt-PT/opds-Fedora_Core.xml
+++ b/public_html/pt-PT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Documentation.xml b/public_html/pt-PT/opds-Fedora_Documentation.xml
index 5f3c146..6dc1889 100644
--- a/public_html/pt-PT/opds-Fedora_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
index 5c43bfd..df96b1a 100644
--- a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Security_Team.xml b/public_html/pt-PT/opds-Fedora_Security_Team.xml
index 8468ae8..2085b1f 100644
--- a/public_html/pt-PT/opds-Fedora_Security_Team.xml
+++ b/public_html/pt-PT/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>pt-PT</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pt-PT/opds.xml b/public_html/pt-PT/opds.xml
index 3d1faa5..bef99ce 100644
--- a/public_html/pt-PT/opds.xml
+++ b/public_html/pt-PT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-PT/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/pt-PT/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ro/opds-Community_Services_Infrastructure.xml b/public_html/ro/opds-Community_Services_Infrastructure.xml
index 1ddf3b2..f347e45 100644
--- a/public_html/ro/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ro/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora.xml b/public_html/ro/opds-Fedora.xml
index 93330d2..5c935b0 100644
--- a/public_html/ro/opds-Fedora.xml
+++ b/public_html/ro/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Contributor_Documentation.xml b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
index 411bfd0..d92e602 100644
--- a/public_html/ro/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Core.xml b/public_html/ro/opds-Fedora_Core.xml
index 6bc99ca..893768f 100644
--- a/public_html/ro/opds-Fedora_Core.xml
+++ b/public_html/ro/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Documentation.xml b/public_html/ro/opds-Fedora_Documentation.xml
index da32d88..d22fc78 100644
--- a/public_html/ro/opds-Fedora_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Draft_Documentation.xml b/public_html/ro/opds-Fedora_Draft_Documentation.xml
index d076e74..488f34b 100644
--- a/public_html/ro/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ro/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Draft_Documentation.xml</id>
<title>Schiță Documentație Fedora</title>
<subtitle>Schiță Documentație Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ro/opds-Fedora_Security_Team.xml b/public_html/ro/opds-Fedora_Security_Team.xml
index 40f913d..5bc0574 100644
--- a/public_html/ro/opds-Fedora_Security_Team.xml
+++ b/public_html/ro/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ro/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ro</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ro/opds.xml b/public_html/ro/opds.xml
index ab4d5f7..0d7db21 100644
--- a/public_html/ro/opds.xml
+++ b/public_html/ro/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ro/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ro/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Schiță Documentație Fedora</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ro/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:52</updated>
<dc:language>ro</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
index 1c7ce24..80dfdbf 100644
--- a/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ru-RU/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora.xml b/public_html/ru-RU/opds-Fedora.xml
index 9ccde37..2bf883f 100644
--- a/public_html/ru-RU/opds-Fedora.xml
+++ b/public_html/ru-RU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
index d23dced..5b97de1 100644
--- a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документация участника Fedora</title>
<subtitle>Документация участника Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Core.xml b/public_html/ru-RU/opds-Fedora_Core.xml
index 15531d0..b89127a 100644
--- a/public_html/ru-RU/opds-Fedora_Core.xml
+++ b/public_html/ru-RU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Documentation.xml b/public_html/ru-RU/opds-Fedora_Documentation.xml
index 84f0d7a..9a20f5f 100644
--- a/public_html/ru-RU/opds-Fedora_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
index 67c88e3..902781f 100644
--- a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Security_Team.xml b/public_html/ru-RU/opds-Fedora_Security_Team.xml
index fddbfe1..94c3363 100644
--- a/public_html/ru-RU/opds-Fedora_Security_Team.xml
+++ b/public_html/ru-RU/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ru-RU</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ru-RU/opds.xml b/public_html/ru-RU/opds.xml
index 480e6bf..c211334 100644
--- a/public_html/ru-RU/opds.xml
+++ b/public_html/ru-RU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ru-RU/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ru-RU/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документация участника Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
index 5308244..3b2e9cd 100644
--- a/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sk-SK/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora.xml b/public_html/sk-SK/opds-Fedora.xml
index 9921d01..04704d3 100644
--- a/public_html/sk-SK/opds-Fedora.xml
+++ b/public_html/sk-SK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
index e21e1ef..f8e6511 100644
--- a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Core.xml b/public_html/sk-SK/opds-Fedora_Core.xml
index afa4fed..2ee7233 100644
--- a/public_html/sk-SK/opds-Fedora_Core.xml
+++ b/public_html/sk-SK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Documentation.xml b/public_html/sk-SK/opds-Fedora_Documentation.xml
index 5acceed..0ab9004 100644
--- a/public_html/sk-SK/opds-Fedora_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
index 41a2e86..d305203 100644
--- a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Security_Team.xml b/public_html/sk-SK/opds-Fedora_Security_Team.xml
index 7960ace..f1d7b30 100644
--- a/public_html/sk-SK/opds-Fedora_Security_Team.xml
+++ b/public_html/sk-SK/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>sk-SK</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sk-SK/opds.xml b/public_html/sk-SK/opds.xml
index 2b47ece..b82f046 100644
--- a/public_html/sk-SK/opds.xml
+++ b/public_html/sk-SK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sk-SK/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sk-SK/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:53</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
index 4dcf43e..926de56 100644
--- a/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-Latn-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora.xml b/public_html/sr-Latn-RS/opds-Fedora.xml
index da9cc7a..2989510 100644
--- a/public_html/sr-Latn-RS/opds-Fedora.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
index 15f4da0..a4d1d7e 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Core.xml b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
index 757b3ad..71a00e6 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
index 5675e94..fc5530a 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
index 8d1c0ab..fcaddba 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml b/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
index 233c0a0..32726ac 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>sr-Latn-RS</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sr-Latn-RS/opds.xml b/public_html/sr-Latn-RS/opds.xml
index ef59e4b..d80e031 100644
--- a/public_html/sr-Latn-RS/opds.xml
+++ b/public_html/sr-Latn-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:54</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:46</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
index 33d36df..c345eca 100644
--- a/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sr-RS/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora.xml b/public_html/sr-RS/opds-Fedora.xml
index e5e22bc..94d51cf 100644
--- a/public_html/sr-RS/opds-Fedora.xml
+++ b/public_html/sr-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
index e0b38da..906cba9 100644
--- a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Core.xml b/public_html/sr-RS/opds-Fedora_Core.xml
index f4089e0..661819e 100644
--- a/public_html/sr-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Documentation.xml b/public_html/sr-RS/opds-Fedora_Documentation.xml
index b8a8df0..141892f 100644
--- a/public_html/sr-RS/opds-Fedora_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
index 96d1160..f5a5764 100644
--- a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Security_Team.xml b/public_html/sr-RS/opds-Fedora_Security_Team.xml
index 807144c..0d41fda 100644
--- a/public_html/sr-RS/opds-Fedora_Security_Team.xml
+++ b/public_html/sr-RS/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>sr-RS</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sr-RS/opds.xml b/public_html/sr-RS/opds.xml
index 6f181f7..2ae8799 100644
--- a/public_html/sr-RS/opds.xml
+++ b/public_html/sr-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-RS/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sr-RS/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
index 603fd60..66c8af2 100644
--- a/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
+++ b/public_html/sv-SE/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora.xml b/public_html/sv-SE/opds-Fedora.xml
index 4b3b3c8..88bdbe9 100644
--- a/public_html/sv-SE/opds-Fedora.xml
+++ b/public_html/sv-SE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
index 28bac4f..ac76090 100644
--- a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Core.xml b/public_html/sv-SE/opds-Fedora_Core.xml
index b848350..2d0e555 100644
--- a/public_html/sv-SE/opds-Fedora_Core.xml
+++ b/public_html/sv-SE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Documentation.xml b/public_html/sv-SE/opds-Fedora_Documentation.xml
index c962711..cbb4eef 100644
--- a/public_html/sv-SE/opds-Fedora_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
index 01fc5fe..0fb1884 100644
--- a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Security_Team.xml b/public_html/sv-SE/opds-Fedora_Security_Team.xml
index 06bbe75..be0964a 100644
--- a/public_html/sv-SE/opds-Fedora_Security_Team.xml
+++ b/public_html/sv-SE/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>sv-SE</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sv-SE/opds.xml b/public_html/sv-SE/opds.xml
index 1d799fa..82bc6af 100644
--- a/public_html/sv-SE/opds.xml
+++ b/public_html/sv-SE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sv-SE/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/sv-SE/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:47</updated>
+ <updated>2014-10-13T17:32:55</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
index 04d7bf4..5424571 100644
--- a/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/ta-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora.xml b/public_html/ta-IN/opds-Fedora.xml
index 7cb8c1d..4043a7b 100644
--- a/public_html/ta-IN/opds-Fedora.xml
+++ b/public_html/ta-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
index 9966e13..9174dc7 100644
--- a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Core.xml b/public_html/ta-IN/opds-Fedora_Core.xml
index 3121515..1a18566 100644
--- a/public_html/ta-IN/opds-Fedora_Core.xml
+++ b/public_html/ta-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Documentation.xml b/public_html/ta-IN/opds-Fedora_Documentation.xml
index 92c2ad9..2b8e4d4 100644
--- a/public_html/ta-IN/opds-Fedora_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
index def4f03..bd46bc1 100644
--- a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Security_Team.xml b/public_html/ta-IN/opds-Fedora_Security_Team.xml
index 8686f6e..46e786f 100644
--- a/public_html/ta-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/ta-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>ta-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ta-IN/opds.xml b/public_html/ta-IN/opds.xml
index 6ad304b..436db93 100644
--- a/public_html/ta-IN/opds.xml
+++ b/public_html/ta-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ta-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/ta-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/te-IN/opds-Community_Services_Infrastructure.xml b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
index 6385915..c5e948e 100644
--- a/public_html/te-IN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/te-IN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora.xml b/public_html/te-IN/opds-Fedora.xml
index 45c0396..1a373cc 100644
--- a/public_html/te-IN/opds-Fedora.xml
+++ b/public_html/te-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
index d7e6ac6..1e2bdde 100644
--- a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Core.xml b/public_html/te-IN/opds-Fedora_Core.xml
index 8ee9f39..c8cf310 100644
--- a/public_html/te-IN/opds-Fedora_Core.xml
+++ b/public_html/te-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Documentation.xml b/public_html/te-IN/opds-Fedora_Documentation.xml
index f3bcdc7..903c7fc 100644
--- a/public_html/te-IN/opds-Fedora_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
index 3c00a39..86ff6bc 100644
--- a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Security_Team.xml b/public_html/te-IN/opds-Fedora_Security_Team.xml
index f8dddcf..8291a66 100644
--- a/public_html/te-IN/opds-Fedora_Security_Team.xml
+++ b/public_html/te-IN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>te-IN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/te-IN/opds.xml b/public_html/te-IN/opds.xml
index 7415447..578de28 100644
--- a/public_html/te-IN/opds.xml
+++ b/public_html/te-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/te-IN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/te-IN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
index 74c3421..4c99d60 100644
--- a/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
+++ b/public_html/uk-UA/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora.xml b/public_html/uk-UA/opds-Fedora.xml
index 3ed943b..9a2590b 100644
--- a/public_html/uk-UA/opds-Fedora.xml
+++ b/public_html/uk-UA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
index fb9c104..6fab9ec 100644
--- a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документація для учасника розробки Fedora</title>
<subtitle>Документація для учасника розробки Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Core.xml b/public_html/uk-UA/opds-Fedora_Core.xml
index e62746e..a66e405 100644
--- a/public_html/uk-UA/opds-Fedora_Core.xml
+++ b/public_html/uk-UA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Documentation.xml b/public_html/uk-UA/opds-Fedora_Documentation.xml
index cea8838..d8ec2b0 100644
--- a/public_html/uk-UA/opds-Fedora_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
index ec3fd10..3be093d 100644
--- a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Draft_Documentation.xml</id>
<title>Чернетки документації з Fedora</title>
<subtitle>Чернетки документації з Fedora</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Security_Team.xml b/public_html/uk-UA/opds-Fedora_Security_Team.xml
index fd8a2f2..4730e9a 100644
--- a/public_html/uk-UA/opds-Fedora_Security_Team.xml
+++ b/public_html/uk-UA/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>uk-UA</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/uk-UA/opds.xml b/public_html/uk-UA/opds.xml
index 956b59d..1ceae48 100644
--- a/public_html/uk-UA/opds.xml
+++ b/public_html/uk-UA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/uk-UA/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/uk-UA/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Документація для учасника розробки Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Чернетки документації з Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:56</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
index 260ba9d..3f479db 100644
--- a/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-CN/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora.xml b/public_html/zh-CN/opds-Fedora.xml
index e0bd591..6d87968 100644
--- a/public_html/zh-CN/opds-Fedora.xml
+++ b/public_html/zh-CN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
index d8bb8e4..904e8c2 100644
--- a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Core.xml b/public_html/zh-CN/opds-Fedora_Core.xml
index d1c90e4..1ad09c7 100644
--- a/public_html/zh-CN/opds-Fedora_Core.xml
+++ b/public_html/zh-CN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Documentation.xml b/public_html/zh-CN/opds-Fedora_Documentation.xml
index bcee361..85403ce 100644
--- a/public_html/zh-CN/opds-Fedora_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
index 25ee94a..3210675 100644
--- a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Security_Team.xml b/public_html/zh-CN/opds-Fedora_Security_Team.xml
index 4af019b..1a73d41 100644
--- a/public_html/zh-CN/opds-Fedora_Security_Team.xml
+++ b/public_html/zh-CN/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>zh-CN</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/zh-CN/opds.xml b/public_html/zh-CN/opds.xml
index 55384cc..003fac2 100644
--- a/public_html/zh-CN/opds.xml
+++ b/public_html/zh-CN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-CN/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-CN/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:48</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
diff --git a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
index e46e38c..cc36f29 100644
--- a/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
+++ b/public_html/zh-TW/opds-Community_Services_Infrastructure.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Community_Services_Infrastructure.xml</id>
<title>Community Services Infrastructure</title>
<subtitle>Community Services Infrastructure</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora.xml b/public_html/zh-TW/opds-Fedora.xml
index fe64f49..51385e2 100644
--- a/public_html/zh-TW/opds-Fedora.xml
+++ b/public_html/zh-TW/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
index 6578ec2..e6c8b0f 100644
--- a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Core.xml b/public_html/zh-TW/opds-Fedora_Core.xml
index a799273..1726429 100644
--- a/public_html/zh-TW/opds-Fedora_Core.xml
+++ b/public_html/zh-TW/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Documentation.xml b/public_html/zh-TW/opds-Fedora_Documentation.xml
index 90124a4..077db79 100644
--- a/public_html/zh-TW/opds-Fedora_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Documentation.xml</id>
<title>Fedora Documentation</title>
<subtitle>Fedora Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
index c077edc..6e337f2 100644
--- a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Security_Team.xml b/public_html/zh-TW/opds-Fedora_Security_Team.xml
index 446c1ba..107048d 100644
--- a/public_html/zh-TW/opds-Fedora_Security_Team.xml
+++ b/public_html/zh-TW/opds-Fedora_Security_Team.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Security_Team.xml</id>
<title>Fedora Security Team</title>
<subtitle>Fedora Security Team</subtitle>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2014-07-21</updated>
+ <updated>2014-10-13</updated>
<dc:language>zh-TW</dc:language>
<category label="1" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/zh-TW/opds.xml b/public_html/zh-TW/opds.xml
index f2db45d..242dd76 100644
--- a/public_html/zh-TW/opds.xml
+++ b/public_html/zh-TW/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-TW/opds.xml</id>
<title>Product List</title>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Community Services Infrastructure</title>
<id>http://docs.fedoraproject.org/zh-TW/Community_Services_Infrastructure/opds-Community_Services_Infrastructure.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Community_Services_Infrastructure.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora/opds-Fedora.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Documentation/opds-Fedora_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Documentation.xml"/>
@@ -55,7 +55,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
@@ -63,7 +63,7 @@
<entry>
<title>Fedora Security Team</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Security_Team/opds-Fedora_Security_Team.xml</id>
- <updated>2014-08-04T20:51:49</updated>
+ <updated>2014-10-13T17:32:57</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Security_Team.xml"/>
More information about the docs-commits
mailing list