...

This noncompliant code example also violates FIO02-C. Canonicalize path names originating from tainted sources and FIO03-C. Do not make assumptions about fopen() and file creation.

...

Another essential step is to drop superuser privileges permanently after these calls. (See POS02-C. Follow the principle of least privilege.) The chroot() system call is not secure against the superuser changing the current root directory (if privileges are not dropped). Successful jail creation prevents unintentional file system access even if an attacker gives malicious input, such as through command-line arguments.
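The sequence described above (chroot(), then chdir("/"), then a permanent privilege drop), as an added C example that is not code from the CERT page. The helper `enter_jail`, its error codes, the jail path and uid/gid 65534 are hypothetical, and the final check that root cannot be regained is an extra verification step.

```c
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical error codes naming the step that failed. */
enum jail_err { JAIL_OK = 0, JAIL_ERR_ARGS = -1, JAIL_ERR_CHROOT = -2,
                JAIL_ERR_CHDIR = -3, JAIL_ERR_DROP = -4, JAIL_ERR_VERIFY = -5 };

/* Hypothetical helper: confine the process to `dir`, then drop to an
 * unprivileged uid/gid. Call as root; on any error the caller should
 * exit rather than continue unjailed. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* "Dropping" to uid or gid 0 would leave the jail escapable. */
    if (dir == NULL || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;

    if (chroot(dir) == -1)
        return JAIL_ERR_CHROOT;

    /* chroot() does not move the working directory; without this the
     * cwd may still refer to a directory outside the new root. */
    if (chdir("/") == -1)
        return JAIL_ERR_CHDIR;

    /* Groups and gid first: after setuid() the process no longer has
     * the privilege to change them. */
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return JAIL_ERR_DROP;

    /* A permanent drop means root cannot be regained. */
    if (setuid(0) != -1 || seteuid(0) != -1)
        return JAIL_ERR_VERIFY;

    return JAIL_OK;
}

int main(void)
{
    /* Constructed placeholders: jail path and uid/gid 65534. */
    int rc = enter_jail("/var/empty/jail-example", 65534, 65534);
    if (rc != JAIL_OK)
        fprintf(stderr, "jail setup failed (code %d)\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```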

...

Failing to follow this recommendation may lead to full-system compromise if a file system vulnerability is discovered and exploited.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| POS05-C | Medium | Probable | High | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | BADFUNC.CHROOT | Use of chroot |
| CodeSonar | | MISC.CHROOT.NOCHDIR | chroot without chdir |
| Polyspace Bug Finder | | CERT C: Rec. POS05-C | Checks for file manipulation after chroot() without chdir("/") (rec. fully covered) |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...


Bibliography

...


...
