RSPEC-2610

OS commands should be executed with the lowest possible privileges

    Details

    • Message:
      Ensure that this OS command is executed with the lowest possible privileges.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Targeted languages:
      C#, C, C++, Flex, Java, Objective-C, PHP, Python, Swift, VB.Net
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      10min
    • CWE:
      CWE-250
    • SANS Top 25:
      Porous Defenses

      Description

      Programs that execute OS commands may open the door to an attacker by doing so. To minimize the risk, such commands should be executed with the lowest possible privileges.

      This rule raises an issue for each OS command and file access.

      Noncompliant Code Example

      chdir("/"); // Noncompliant
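
One way to run a command with reduced privileges on a POSIX system, as an added example that is not part of the rule text or any project's code: the child drops its groups, gid and uid in that order, verifies the drop cannot be undone, and only then calls `chdir("/")` and executes the command. The function names `drop_privileges` and `run_unprivileged`, the ids 65534 and the `/bin/sh` command line are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE               /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to uid/gid (hypothetical helper). 0 on success, -1 on failure. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                    /* refuse a privileged target */
    /* Groups and gid first: once root is gone they can no longer be changed. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    return (setuid(0) == 0 || setgid(0) == 0) ? -1 : 0;
}

/* Run argv[0] in a child that dropped to uid/gid first.
   Returns the child's exit status, or -1 if it was refused or did not exit. */
int run_unprivileged(uid_t uid, gid_t gid, char *const argv[])
{
    if (uid == 0 || gid == 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0 || chdir("/") != 0)
            _exit(126);               /* never exec with privileges kept */
        execv(argv[0], argv);
        _exit(127);                   /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample ids: 65534 when started as root, else our own. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    char *const argv[] = {"/bin/sh", "-c", "id", NULL};
    printf("exit status: %d\n", run_unprivileged(uid, gid, argv));
    return 0;
}
```

Checking every return value matters here: a failed `setuid()` that goes unnoticed leaves the command running with the original privileges.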
      

      See

            People

            • Assignee:
              Unassigned
              Reporter:
              ann.campbell.2 Ann Campbell