The principle of least privilege states that every program and every user of the system should operate using the least set of privileges necessary to complete the job [Saltzer 1974, Saltzer 1975]. The Build Security In website [DHS 2006] provides additional definitions of this principle. Executing with minimal privileges mitigates exploitation in case a vulnerability is discovered in the code.
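As an added illustration (not code from the original recommendation), the following C sketch shows one way a POSIX program started with elevated IDs can permanently return to the invoking user's IDs and verify that the drop cannot be undone. The helper name `drop_privileges_permanently` is hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1        /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently drop any elevated IDs and continue as the invoking user.
 * Returns 0 when the process holds only the real user's IDs, -1 otherwise.
 * (Hypothetical helper name; written for this example.)
 */
int drop_privileges_permanently(void) {
    const uid_t ruid = getuid(), old_euid = geteuid();
    const gid_t rgid = getgid(), old_egid = getegid();

    /* Supplementary groups can only be reset while still root. */
    if (old_euid == 0 && setgroups(1, &rgid) != 0)
        return -1;
    /* Group before user: once the UID is dropped, setgid() is no longer permitted. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Never assume the calls worked: confirm the effective IDs. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* Confirm the drop is permanent. When the old effective UID was not root,
     * setuid() leaves the saved set-user-ID intact and this check fails. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;
    return 0;
}

int main(void) {
    /* ... acquire the one resource that needs privilege here ... */
    if (drop_privileges_permanently() != 0) {
        fputs("could not drop privileges; refusing to continue\n", stderr);
        return EXIT_FAILURE;
    }
    printf("running as uid=%ld gid=%ld\n", (long)geteuid(), (long)getegid());
    return EXIT_SUCCESS;
}
```

A failure return means the process may still hold elevated IDs, so the caller should exit rather than continue.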
Noncompliant Code Example
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
POS02-C | high | likely | high | P9 | L2 |
Related Vulnerabilities
[CVE-2009-2031](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2031) results from a violation of this recommendation. OpenSolaris in smbfs snv_84 through snv_110 sets permissions based on mount point options and not actual user information (obtained from the `getuid()` and `getgid()` functions). An attacker can exploit this to achieve higher permissions. Also, in a certain initialization mode, the code grants read, write, and execute permissions to users other than the owner, which can be exploited to make files world readable [[xorl 2009](http://xorl.wordpress.com/2009/06/14/opensolaris-cifssmb-invalid-file-flags/)].
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
MITRE CWE: CWE-272, "Least Privilege Violation"
Bibliography
...
[DHS 2006] [Least Privilege](https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/351.html)
[Saltzer 1974]
[Saltzer 1975]
[Wheeler 2003] [Section 7.4, "Minimize Privileges"](http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html)
[xorl 2009] ["OpenSolaris CIFS/SMB Invalid File Flags"](http://xorl.wordpress.com/2009/06/14/opensolaris-cifssmb-invalid-file-flags/)
...