SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 74

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (jp)

...

Wiki Markup
Performing operations on device files that are intended for ordinary character or binary files can result in crashes and denial-of-service attacks.  For example, when Windows attempts to interpret the device name as a file resource, it performs an invalid resource access that usually results in a crash \[[Howard 02|AA. References#HowardBibliography#Howard 02]\] .

Wiki Markup
Device files in UNIX can be a security risk when an attacker can access them in an unauthorized way. For instance, if attackers can read or write to the {{/dev/kmem}} device, they may be able to alter their priority, UID, or other attributes of their process or simply crash the system. Similarly, access to disk devices, tape devices, network devices, and terminals being used by other processes all can lead to problems \[[Garfinkel 96|AA. References#GarfinkelBibliography#Garfinkel 96]\].

On Linux, it is possible to lock certain applications by attempting to open devices rather than files, for example:

...

Wiki Markup
POSIX defines the {{O_NONBLOCK}} flag to {{open()}}, which ensures that delayed operations on a file do not hang the program \[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\].

When opening a FIFO with O_RDONLY or O_WRONLY set:

  • If O_NONBLOCK is set, an open() for reading-only shall return without delay. An open() for writing-only shall return an error if no process currently has the file open for reading.
  • If O_NONBLOCK is clear, an open() for reading-only shall block the calling thread until a thread opens the file for writing. An open() for writing-only shall block the calling thread until a thread opens the file for reading.

When opening a block special or character special file that supports non-blocking opens:

  • If O_NONBLOCK is set, the open() function shall return without blocking for the device to be ready or available. Subsequent behavior of the device is device-specific.
  • If O_NONBLOCK is clear, the open() function shall block the calling thread until the device is ready or available before returning.

Otherwise, the behavior of O_NONBLOCK is unspecified.

...

Wiki Markup
\[[Garfinkel 96|AA. References#GarfinkelBibliography#Garfinkel 96]\] Section 5.6, "Device Files"
\[[Howard 02|AA. References#HowardBibliography#Howard 02]\] Chapter 11, "Canonical Representation Issues"
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 67|http://cwe.mitre.org/data/definitions/67.html], "Failure to Handle Windows Device Names"
\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.19.4, "Operations on Files"
\[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\] [{{open()}}|http://www.opengroup.org/onlinepubs/009695399/functions/open.html]

...