 
                            ...
Failing to observe the correct revocation order while relinquishing privileges allows an attacker to regain elevated privileges.
| Rule | Severity | Likelihood | 
|---|
| Detectable | Repairable | Priority | Level | 
|---|---|---|---|
| POS36-C | 
| High | Probable | 
| Yes | 
| Yes | 
| P18 | L1 | 
...
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée | 
 | user_defined | Soundly supported | ||||||
| Axivion Bauhaus Suite | 
 | CertC-POS36 | |||||||
| Compass/ROSE | 
| Can detect some violations of this rule. In particular, it warns when calls to  | |||||||||
| Helix QAC | 
 | DF4891, DF4892, DF4893 | |||||||
| Klocwork | 
 | SV. | 
| USAGERULES.PERMISSIONS | 
SV.USAGERULES.PERMISSIONS
| Parasoft C/C++test | 
 | CERT_C-POS36-a | Observe correct revocation order while relinquishing privileges | ||||||
| 
 | CERT C: Rule POS36-C | Checks for bad order of dropping privileges (rule fully covered) | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship | 
|---|---|---|
| ISO/IEC TR 24772 | Privilege Sandbox Issues [XYO] | 
| Prior to 2018-01-12: CERT: Unspecified Relationship | |
| CWE 2.11 | CWE- | 
| 696, Incorrect behavior order | 2017-07-07: CERT: Rule subset of CWE | 
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-696 and POS36-C
CWE-696
...
= Union( POS36-C, list) where list =
- Misordered executions besides dropping group privileges before dropping user privileges
Bibliography
| [Chen 2002] | "Setuid Demystified" | 
| [Dowd 2006] | Chapter 9, "UNIX I: Privileges and Files" | 
| [Open Group 2004] | setuid()setgid() | 
| [Tsafrir 2008] | "The Murky Issue of Changing Process Identity: Revising 'Setuid Demystified'" | 
...
...