...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Can detect some violations of this rule. In particular, it warns when calls to |
| SV.FIU.PERMISSIONS |
|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
| Privilege Sandbox Issues [XYO] | |
| MITRE CWE |
...
...
| Execution with unnecessary privileges |
...
...
...
| -696, |
...
| Incorrect behavior order |
...
...
Bibliography
| [Chen 2002] | "Setuid Demystified" |
| [Dowd 2006] | Chapter 9, "UNIX I: Privileges and Files" |
| [Open Group 2004] |
...
...
...
| [Tsafrir 2008] | "The Murky Issue of Changing Process Identity: Revising 'Setuid Demystified'" |
...