...

Noncompliant Code Example (information outflow)

Another possible vulnerability is the leak of privileged information. In the above example, suppose a user with high privilege feeds some secret input into the caller; the caller then passes that information to foo. During static code analysis of the foo interface, because no parameter is specified, it is easy to assume that foo has no way to retrieve information from the caller. However, because the value of i is actually passed on the stack (before the return address of the caller), a malicious programmer can change the internal implementation to copy the value manually and store it in a less privileged file.

/* compile using gcc4.3.3 */
void foo () {
    /* use asm code to retrieve i
     * implicitly from the caller
     * and transfer it to a less privileged file */
}

...

/* caller */
    foo(i); /* i is fed from user input */
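An added example, not part of the original page: a heuristic check that flags function declarators written with empty parentheses, so a reviewer does not read `void foo ()` as an interface that accepts no input. The function names and the sample source are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example: heuristic lint for declarators with an empty parameter
 * list, i.e. "<type> name ()" followed by '{' or ';'. It ignores comments,
 * strings, macros and pointer-returning declarators such as "char *f()". */
static const char *back_ws(const char *lo, const char *p) {
    while (p > lo && isspace((unsigned char)p[-1])) p--;
    return p;
}
static const char *back_ident(const char *lo, const char *p) {
    while (p > lo && (isalnum((unsigned char)p[-1]) || p[-1] == '_')) p--;
    return p;
}
/* Keywords that can directly precede a call such as "return f();". */
static int is_stmt_keyword(const char *s, size_t n) {
    static const char *kw[] = { "return", "else", "do", "sizeof" };
    for (size_t i = 0; i < sizeof kw / sizeof kw[0]; i++)
        if (strlen(kw[i]) == n && strncmp(s, kw[i], n) == 0) return 1;
    return 0;
}
int count_empty_param_decls(const char *src) {
    int hits = 0;
    for (const char *p = src; *p; p++) {
        if (*p != '(') continue;
        const char *q = p + 1;
        while (isspace((unsigned char)*q)) q++;
        if (*q != ')') continue;               /* has parameters, or (void) */
        for (q++; isspace((unsigned char)*q); q++) {}
        if (*q != '{' && *q != ';') continue;  /* not the end of a declarator */
        const char *name_end = back_ws(src, p);
        const char *name = back_ident(src, name_end);
        const char *type_end = back_ws(src, name);
        const char *type = back_ident(src, type_end);
        if (name == name_end || type == type_end) continue; /* call, not decl */
        if (is_stmt_keyword(type, (size_t)(type_end - type))) continue;
        hits++;
    }
    return hits;
}
/* Constructed sample: the page's foo() plus hypothetical neighbours. */
static const char SAMPLE[] =
    "void foo () {\n}\n"
    "void bar(void);\n"
    "int baz();\n"
    "int main(void) {\n    int i = 0;\n    foo(i);\n    foo();\n    return baz();\n}\n";
int main(void) {
    printf("empty parameter lists: %d\n", count_empty_param_decls(SAMPLE));
    return 0;
}
```

GCC's `-Wstrict-prototypes` option reports the same kind of declaration during a build.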

...

Compliant Solution (information outflow)

...