...

/* Program running with elevated privileges where argv[1] 
 * and argv[2] are supplied by the user */

char x[100];
FILE *fp = fopen(argv[1],"w");     

strncpy(x, argv[2], 100);
x[sizeof(x) - 1] = '\0';   /* terminate inside the 100-byte buffer */

/* Write operation to an unintended file like /etc/passwd 
 * gets executed  */
fwrite(x, sizeof(x[0]), sizeof(x)/sizeof(x[0]), fp);

An attacker can control the value of argv[1] and consequently access any resource on the filesystem.

...

/*
 * Make sure that the ~/chroot/jail directory exists within 
 * the current working directory. Also assign appropriate 
 * permissions to the directory to restrict access. Close 
 * all file system descriptors to outside resources lest 
 * they escape the jail.
 */

if (setuid(0) == -1) {
  /* Handle Error */
}

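/* chroot() performs no tilde expansion: this path is taken literally,
 * relative to the current working directory. */
if (chroot("~/chroot/jail") == -1) {
  /* Handle Error */
}

if (chdir("/") == -1) {
  /* Handle Error */
}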

/* Drop privileges permanently */
if (setgid(getgid()) == -1) {
  /* Handle Error */
}

if (setuid(getuid()) == -1) {
  /* Handle Error */
}

/* Perform unprivileged operations */

FILE* fp = fopen(argv[1], "w");

...
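
The jail-then-drop sequence above as a complete program, added here as an example and not part of the original page. It changes into the jail before calling chroot("."), a variation on the page's chroot(path) call, and checks that root cannot be regained after the drop; the function names enter_jail and drop_privileges are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* expose chroot() under glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently drop to the real (invoking) IDs: group first, then user,
 * because once root is gone the saved set-group-ID can no longer be cleared. */
int drop_privileges(void) {
  gid_t rgid = getgid();
  uid_t ruid = getuid();
  if (setgid(rgid) == -1 || setuid(ruid) == -1)
    return -1;
  /* A drop that can be undone is not a drop: regaining root must fail. */
  if (ruid != 0 && (setuid(0) != -1 || seteuid(0) != -1))
    return -1;
  if (getuid() != ruid || geteuid() != ruid ||
      getgid() != rgid || getegid() != rgid)
    return -1;
  return 0;
}

/* Enter the jail, then drop privileges. Returns 0 on success, -1 on failure. */
int enter_jail(const char *jail_dir) {
  if (chdir(jail_dir) == -1)   /* fails here if the jail does not exist */
    return -1;
  if (chroot(".") == -1)       /* requires root; cwd is already inside */
    return -1;
  if (chdir("/") == -1)        /* cwd now names the jail's root */
    return -1;
  return drop_privileges();
}

int main(int argc, char *argv[]) {
  if (argc != 3)
    return 2;                  /* usage: prog <jail-dir> <file-in-jail> */
  if (enter_jail(argv[1]) == -1) {
    perror("enter_jail");
    return 1;
  }
  FILE *fp = fopen(argv[2], "w");   /* resolved against the jail's root */
  if (fp == NULL) {
    perror("fopen");
    return 1;
  }
  fputs("constructed sample data\n", fp);
  return fclose(fp) == 0 ? 0 : 1;
}
```

Because the path is opened only after enter_jail() returns 0, a value such as /etc/passwd in argv[2] resolves to a file under the jail directory, written with the invoking user's IDs.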