SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

If privilege relinquishment conditions are left unchecked, any flaw in the program may lead to unintended system compromise corresponding to the more privileged user or group account.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

POS37-C

High

Probablehigh

probableYes

lowYes

P18

L1

Automated Detection

ImplementedSuccess of privilege relinquishment not verified

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

user_defined

Soundly supported
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-POS37
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4876, DF4877, DF4878


Klocwork
Include Page
Klocwork_V
Klocwork_V

SV.FIU.PROCESS_VARIANTS
SV.USAGERULES.PERMISSIONS


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

SECURITY-44CERT_C-POS37-a
Ensure that privilege relinquishment is successful

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder

R2016bPrivilege drop not verified

_V

CERT C: Rule POS37-CChecks for priviledge drop not verified (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...