-
Notifications
You must be signed in to change notification settings - Fork 51
/
unchecked-ret-setuid-seteuid.yaml
37 lines (37 loc) · 1.49 KB
/
unchecked-ret-setuid-seteuid.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
rules:
- id: raptor-unchecked-ret-setuid-seteuid
metadata:
author: Marco Ivaldi <raptor@0xdeadbeef.info>
references:
- https://cwe.mitre.org/data/definitions/252
- https://lwn.net/Articles/451985/
- https://www.usenix.org/legacy/events/sec02/full_papers/chen/chen.pdf
- https://www.openwall.com/lists/oss-security/2023/12/30/4
confidence: MEDIUM
message: >-
The software does not check the return value from a method or
function, which can prevent it from detecting unexpected states and
conditions. If the program calls a function to drop privileges but
does not check the return code to ensure that privileges were
successfully dropped, then the program will continue to operate with
the higher privileges.
severity: WARNING
languages:
- c
- cpp
patterns:
- pattern: $FUN(...)
- metavariable-pattern:
metavariable: $FUN
pattern-either:
- pattern: setuid
- pattern: seteuid
- pattern-not-inside: $RET = $FUN(...)
- pattern-not-inside: <... $FUN(...) == $VAL ...>
- pattern-not-inside: <... $VAL == $FUN(...) ...>
- pattern-not-inside: <... $FUN(...) != $VAL ...>
- pattern-not-inside: <... $VAL != $FUN(...) ...>
- pattern-not-inside: <... $FUN(...) < $VAL ...>
- pattern-not-inside: <... $VAL > $FUN(...) ...>
- pattern-not-inside: <... !$FUN(...) ...>
- pattern-not-inside: return $FUN(...);