SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 72

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Failing to follow this recommendation may lead to full-system compromise if a file system vulnerability is discovered and exploited.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

POS05-C

Medium

Probable

High

No

No

P4

L3

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
BADFUNC.CHROOT
MISC.CHROOT.NOCHDIR
Use of chroot
chroot without chdir
Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.CHROOT
CERT.CHROOT.CHDIR


Polyspace Bug Finder

Include Page
Polyspace Bug Finder

R2016a

_V
Polyspace Bug Finder_V

CERT C: Rec. POS05-C

Checks for file

File

manipulation after chroot() without chdir("/")

Path-related vulnerabilities for file manipulated after call to chroot

(rec. fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Wheeler 2003]Section 7.4, "Minimize Privileges"

...


...