[TUHS] Off topic: Books on Unix security?
Steffen Nurpmeso via TUHS
tuhs at tuhs.org
Tue Nov 18 06:12:09 AEST 2025
Aaaah, apologies, apologies,
Rik Farrow wrote in
<CACY3YMGHPXAWAZkWYCJLcqwqt1dgT_Sz7x-DTRxyhGG=xxeDKg at mail.gmail.com>:
|I don't know of any recent, good books on Unix security. I wrote one, but
|that was in 1990. Simpson and Spafford's book was last updated in 2003, and
|had become somewhat of a monster by then at 986 pages:
|
|https://www.oreilly.com/library/view/practical-unix-and/0596003234/
|
|Paul Von Oorschot's security book second edition came out in 2021, and
|while not focused on Unix, is more of a college textbook, but also provides
|in-depth coverage. Here's a book review I wrote about it:
|
|https://www.usenix.org/publications/loginonline/computer-security-and-internet
Thank you!!
"But", you know, my email was an accident, i had (and still have)
Aharon Robbins' email (as below) in my $MAIL for all this time
because i wanted to have a deeper (now: "depper", German ;) look
at his list of books.
Then a Debian bug report (for the MUA i maintain) came along,
and i tested locally; to get clean config etc i use -:/ command
line args for that, but *that* then cannot easily access the
encrypted real storage of emails, instead it goes for $MAIL aka
/var/mail/$LOGNAME, so we ended with that message; now i do say
"set mta=test norecord", like this sent messages are not saved
and go to standard output. Yet. *Either* i did "local reply"
or i did "~:local set ..", or whatever i did, anyhow, the
*second* reply test did *not* have mta=test (but did have
*norecord*), and thus it left the box!! I already apologised to
Arnold in private, but .. it went over to TUHS even :-( *And*
Warren waved it through!!
The best i can do to sidekick your pointer is thus quoting
Arnold's message:
arnold at skeeve.com wrote in
<202505061501.546F10gs1802134 at freefriends.org>:
|Thanks to everyone who responded. Besides the original three in
|my quoted email, here are the additional ones I was recommended
|and have added to the list in my book.
|
|Some were recommended by more than one person. In any case,
|thank you all!
|
|4. Secure Coding in C and C++, 2nd Edition, by Robert Seacord. ISBN-10:
|0321822137, ISBN-13: 978-0321822130, Addison-Wesley Professional, Reading,
|Massachusetts, USA, 2013.
|
|5. Secure Coding: Principles and Practices, by Mark G. Graff,
|Kenneth R. Van Wyk, and Debby Russell. ISBN-10: 0596002424, ISBN-13:
|978-0596002428. O’Reilly Media, Inc., USA, 2003.
|
|6. Writing Secure Code, 2nd Edition, by Michael Howard and David
|LeBlanc. ISBN-10: 0735617228, ISBN-13: 978-0735617223. Microsoft Press,
|USA, 2003.
|
|7. Computer Security and the Internet—Tools and Jewels from
|Malware to Bitcoin, 2nd Edition, by Paul C. van Oorschot. ISBN-13:
|978-3-030-83410-4. Springer Nature Switzerland AG, 2021.
|
|8. Thinking Security: Stopping Next Year’s Hackers by Steven
|M. Bellovin. ISBN-10: 0134277546, ISBN-13: 978-0134277547. Addison-Wesley
|Professional, Reading, Massachusetts, USA, 2015.
|
|9. Security Engineering: A Guide to Building Dependable Distributed
|Systems, 3rd Edition, by Ross Anderson. ISBN-10: 1119642787, ISBN-13:
|978-1119642787. Wiley, USA, 2020.
|
|10. Designing Secure Software: A Guide for Developers, by Loren
|Kohnfelder. ISBN-10: 1718501927, ISBN-13: 978-1718501928. No Starch Press,
|USA, 2021.
|
|11. Building Secure and Reliable Systems: Best Practices for
|Designing, Implementing, and Maintaining Systems, by Heather Adkins,
|Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, and Adam
|Stubblefield. ISBN-10: 1492083127, ISBN-13: 978-1492083122. O’Reilly
|Media, USA, 2020.
|
|12. Secure By Design, by Daniel Deogun, Dan Bergh Johnsson, and Daniel
|Sawano. ISBN-10: 1617294357, ISBN-13: 978-1617294358. Manning, USA, 2019.
|
|Aharon Robbins <arnold at skeeve.com> wrote:
|
|> Hi All.
|>
|> In a book I'm updating, I have the following references for
|> Unix security.
|>
|> 1. Practical UNIX & Internet Security, 3rd edition, by Simson Garfinkel,
|> Gene Spafford, and Alan Schwartz, O’Reilly & Associates, Sebastopol,
|> CA, USA, 2003. ISBN-10: 0-596-00323-4, ISBN-13: 978-0596003234.
|>
|> 2. Building Secure Software: How to Avoid Security Problems the Right Way,
|> by John Viega and Gary McGraw. Addison-Wesley, Reading, Massachusetts,
|> USA, 2001. ISBN-10: 0-201-72152-X, ISBN-13: 978-0201721522.
|>
|> 3. “Setuid Demystified,” by Hao Chen, David Wagner, and Drew
|> Dean. Proceedings of the 11th USENIX Security Symposium, August 5–9,
|> 2002. http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf.
|>
|> One of my reviewers asked if these weren't "dusty references".
|> So, before I just refer to them as "classics", can anyone recommend
|> more recent books? Feel free to answer in private.
|>
|> Thanks,
|>
|> Arnold
--End of <202505061501.546F10gs1802134 at freefriends.org>
Greetings.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)