I keep saying this, on PerlMonks and elsewhere, but the message still doesn't seem to be widely understood: evaluating security is very difficult in the absence of an explicit threat model. What do you consider to be the threats? Against what type of attacker, with what resources available to them, are you attempting to protect what kind of assets? What is the value of your assets to you and what is the expected value of your assets to the attacker? How much are you prepared to spend in order to protect your assets?

Once you have a threat model, you are in a position to evaluate the costs and benefits of performing a security analysis. Until then, you can only go on guided guesswork and try to avoid the simple pitfalls with low-cost countermeasures. With that in mind, the following material consists only of a few general principles to consider in addition to the items you've already mentioned.

Any output could be dangerous. Consider, for example, what would happen if the code rewrote your kernel, your password database, the binaries of your critical utilities ...

Some input could be dangerous (keyboard grabbers, password database, PKCS private keys ...) if the utility could later hijack a communications mechanism to leak the secrets. Note that the output channel need not be obvious --- there are any number of ways of setting up a covert channel.

A commonly used environment for testing security properties of software is to run it in a sandbox where it can't easily do as much harm as running it on a production system. For example, download the package onto a local machine but do not install it there. Fire up a virtual machine, ensuring the VM has no connection with any other system, including its host's filesystem and network. Then install the package on the VM and see what happens. Note that this approach will not detect all security vulnerabilities, not least because it depends critically on the "see what happens" stage. Nonetheless, it tends to pick up quite a few of the more obvious attacks.

Paul

In reply to Re: Is this code secure, can I test it on my machine? by Xilman
in thread Is this code secure, can I test it on my machine? by szabgab

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.