...
Failing to observe the correct revocation order while relinquishing privileges allows an attacker to regain elevated privileges.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
POS36-C |
High | Probable |
Yes |
Yes |
P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| user_defined | Soundly supported | ||||||
| Axivion Bauhaus Suite |
| CertC-POS36 | |||||||
| Compass/ROSE |
Can detect some violations of this rule. In particular, it warns when calls to | |||||||||
| Helix QAC |
| DF4891, DF4892, DF4893 | |||||||
| Klocwork |
| SV. |
USAGERULES.PERMISSIONS |
SV.USAGERULES.PERMISSIONS
| Parasoft C/C++test |
| CERT_C-POS36-a | Observe correct revocation order while relinquishing privileges | ||||||
| CERT C: Rule POS36-C | Checks for bad order of dropping privileges (rule fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TR 24772 | Privilege Sandbox Issues [XYO] |
| Prior to 2018-01-12: CERT: Unspecified Relationship | |
| CWE 2.11 | CWE- |
| 696, Incorrect behavior order | 2017-07-07: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-696 and POS36-C
CWE-696
...
= Union( POS36-C, list) where list =
- Misordered executions besides dropping group privileges before dropping user privileges
Bibliography
| [Chen 2002] | "Setuid Demystified" |
| [Dowd 2006] | Chapter 9, "UNIX I: Privileges and Files" |
| [Open Group 2004] | setuid()setgid() |
| [Tsafrir 2008] | "The Murky Issue of Changing Process Identity: Revising 'Setuid Demystified'" |
...
...