...
This noncompliant code example also violates FIO02-C. Canonicalize path names originating from untrusted tainted sources and FIO03-C. Do not make assumptions about fopen() and file creation.
...
Another essential step is to drop superuser privileges permanently after these calls . (See see POS02-C. Follow the principle of least privilege). ) The chroot()
system call is not secure against the superuser changing the current root directory (if privileges are not dropped). Successful jail creation prevents unintentional file system access even if an attacker gives malicious input, such as through command-line arguments.
...
Failing to follow this recommendation may lead to full-system compromise if a file system vulnerability is discovered and exploited.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
POS05-C |
Medium |
Probable |
High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| BADFUNC.CHROOT MISC.CHROOT.NOCHDIR | Use of chroot | ||||||
Polyspace Bug Finder |
| CERT C: Rec. POS05-C | Checks for file manipulation after chroot() without chdir("/") (rec. fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
.
...
Bibliography
...
...