SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 63

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Failing to observe the correct revocation order while relinquishing privileges allows an attacker to regain elevated privileges.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

POS36-C

High

Probablehigh

probableYes

mediumYes

P12P18

L1

Automated Detection

ImplementedBad Dropped higher elevated privileges before dropping lower elevated privileges

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

user_defined

Soundly supported
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-POS36
Compass/ROSE



Can detect some violations of this rule. In particular, it warns when calls to setgid() are immediately preceded by a call to setuid()

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4891, DF4892, DF4893


Klocwork
Include Page
Klocwork_V
Klocwork_V
SV.FIU.PROCESS_VARIANTS

SV.USAGERULES.PERMISSIONS
SV.USAGERULES.PROCESS_VARIANTS


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

SECURITY-44CERT_C-POS36-a

Observe correct revocation order while relinquishing privileges

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule POS36-CChecks for bad order of dropping privileges (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...