...

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

int establish(void)
{
  struct sockaddr_in sa;              /*  This will store the listening socket's address  */
  int s;                              /*  This will hold the listening socket  */

  /*  Fill up the structure with address and port number  */

  sa.sin_port = htons(portnum);

  /*  Other system calls like socket()  */

  if (bind(s, (struct sockaddr *) &sa, sizeof(struct sockaddr_in)) < 0) {
    /* Perform cleanup */
  }

  return s;                           /*  Return the listening socket  */
}

int main(void)
{
  int s = establish();

  /*  Block with accept() until a client connects  */

  switch (fork())
  {
    case -1:  /* Error, clean up and quit */
      break;
    case  0:  /* This is the child, handle the client */
      break;
    default:  /* This is the parent, continue blocking */
      break;
  }
}

A vulnerability (if discovered) in the main body of the program will allow an attacker to execute arbitrary code. This malicious code will run with elevated privileges.

...

/*  Code with elevated privileges  */

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

int establish(void)
{
  struct sockaddr_in sa;              /*  This will store the listening socket's address  */
  int s;                              /*  This will hold the listening socket  */

  /* Fill up the structure with address and port number */

  sa.sin_port = htons(portnum);

  /* Other system calls like socket() */

  if (bind(s, (struct sockaddr *) &sa, sizeof(struct sockaddr_in)) < 0) {
    /* Perform cleanup */
  }

  return s;                           /*  Return the listening socket  */
}

int main(void)
{
  int s = establish();

  if (setuid(getuid()) == -1) {   /* Drop privileges permanently */
    /*  Handle the error  */
  }

  /* Block with accept() until a client connects */

  switch (fork())
  {
    case -1: /* Error, clean up and quit */
      break;
    case  0: /* Close all open file descriptors
              * This is the child, handle the client
              */
      break;
    default: /* This is the parent, continue blocking */
      break;
  }
}
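A fuller version of the bind-then-drop sequence above, added here as an example and not part of the original page. It assumes `establish()` takes the port as a parameter and binds to loopback, and `drop_privileges()` is a hypothetical helper that also drops the group ID and checks that the old IDs cannot be restored; port 8080 in `main` is a constructed value.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Privileged step: create, bind and listen. Returns the socket or -1. */
int establish(unsigned short portnum)
{
  struct sockaddr_in sa;
  int s = socket(AF_INET, SOCK_STREAM, 0);
  if (s < 0) return -1;
  memset(&sa, 0, sizeof sa);
  sa.sin_family = AF_INET;
  sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* assumption: loopback only */
  sa.sin_port = htons(portnum);
  if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(s, 16) < 0) {
    close(s);
    return -1;
  }
  return s;
}

/* Hypothetical helper: drop group, then user privileges permanently and
 * verify they cannot be restored. Returns 0, or -1 if the caller must abort. */
int drop_privileges(void)
{
  uid_t ruid = getuid(), euid = geteuid();
  gid_t rgid = getgid(), egid = getegid();
  if (setgid(rgid) == -1 || setuid(ruid) == -1)  /* group first, while still privileged */
    return -1;
  /* Restoring the old IDs must now fail and the effective IDs must match. */
  if (egid != rgid && (setgid(egid) != -1 || getegid() != rgid))
    return -1;
  if (euid != ruid && (setuid(euid) != -1 || geteuid() != ruid))
    return -1;
  return 0;
}

int main(void)
{
  int s = establish(8080);  /* constructed port number */
  if (s < 0 || drop_privileges() != 0)
    return 1;               /* never continue with privileges still held */
  printf("listening on fd %d as uid %d\n", s, (int)getuid());
  close(s);
  return 0;
}
```

A program that starts as root should also clear its supplementary groups with `setgroups()` before the `setgid()` call.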

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...