Versions Compared

...

Possible values for the integrity level SID strings are listed in the following table:

| Integrity level SID | Name |
|---|---|
| S-1-16-4096 | Mandatory Label\Low Mandatory Level |
| S-1-16-8192 | Mandatory Label\Medium Mandatory Level |
| S-1-16-12288 | Mandatory Label\High Mandatory Level |
| S-1-16-16384 | Mandatory Label\System Mandatory Level |

Risk Assessment

Failure to follow the principle of least privilege may allow exploits to execute with elevated privileges.

| Recommendation | Severity | Likelihood | Remediation Cost | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| WIN02-C | High | Likely | High | Yes | No | P9 / P18 | L2 / L1 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | BADFUNC.CREATEPROCESS | Use of CreateProcess |
| | | BADFUNC.CREATETHREAD | Use of CreateThread |
| PC-lint Plus | | 586 | Fully supported |
| Security Reviewer - Static Reviewer | | UNSAFE_05 | Fully implemented |

Related Guidelines

| Source | Guideline |
|---|---|
| ISO/IEC TR 24772 | Adherence to Least Privilege [XYN] |
| MITRE CWE | CWE-250, Execution with unnecessary privileges |
| MITRE CWE | CWE-272, Least privilege violation |

Bibliography

...


...
