...
```c
/* Drop superuser privileges in correct order */
if (setgid(getgid()) == -1) {
  /* handle error condition */
}
if (setuid(getuid()) == -1) {
  /* handle error condition */
}
/*
 * Not possible to regain group privileges due to correct relinquishment order
 */
```
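An added example (not part of the original page): a hypothetical helper, `drop_privileges_permanently()`, that applies the same group-then-user order and then verifies that the old effective IDs cannot be restored. It covers only the primary group and user IDs; supplementary groups are not handled here.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for seteuid()/setegid() prototypes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not from the original page.
 * Drops to the real GID and UID, then confirms the drop is permanent.
 * Returns 0 on success, -1 on failure; on -1 the caller must abort
 * because the process may still hold (or have regained) privileges. */
int drop_privileges_permanently(void) {
  const uid_t ruid = getuid(), old_euid = geteuid();
  const gid_t rgid = getgid(), old_egid = getegid();

  /* Group first: changing it permanently needs the still-elevated EUID. */
  if (setgid(rgid) == -1) return -1;
  /* User last: once root is gone, the GIDs can no longer be changed. */
  if (setuid(ruid) == -1) return -1;

  /* If privileges were elevated, restoring them must now fail. A success
   * here means a saved ID survived (for example, the program was not
   * running with an effective UID of 0), so the drop was only temporary. */
  if (old_egid != rgid && setegid(old_egid) != -1) return -1;
  if (old_euid != ruid && seteuid(old_euid) != -1) return -1;

  /* Final state: effective IDs must equal the real IDs. */
  if (getegid() != rgid || geteuid() != ruid) return -1;
  return 0;
}

int main(void) {
  if (drop_privileges_permanently() != 0) {
    fputs("privilege drop failed or was reversible\n", stderr);
    return EXIT_FAILURE;
  }
  printf("running as uid=%ld gid=%ld\n", (long)geteuid(), (long)getegid());
  return EXIT_SUCCESS;
}
```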
Supplementary Group IDs
...
Compass/ROSE can detect some violations of this rule. In particular, it warns when calls to setgid() are immediately preceded by a call to setuid().
Klocwork Version 8.0.4.16 can detect violations of this rule with the SV.FIU.PERMISSIONS and SV.USAGERULES.PERMISSIONS checkers. See Klocwork Cross Reference.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...