Difference between revisions of "Least Privilege Violation"

From OWASP
Jump to: navigation, search
Line 67: Line 67:
 
* [[Least privilege]]
 
* [[Least privilege]]
  
[[Category:FIXME|add links
 
 
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 
 
Availability Vulnerability
 
 
Authorization Vulnerability
 
 
Authentication Vulnerability
 
 
Concurrency Vulnerability
 
 
Configuration Vulnerability
 
 
Cryptographic Vulnerability
 
 
Encoding Vulnerability
 
 
Error Handling Vulnerability
 
 
Input Validation Vulnerability
 
 
Logging and Auditing Vulnerability
 
 
Session Management Vulnerability]]
 
  
 
__NOTOC__
 
__NOTOC__
Line 97: Line 72:
  
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
[[Category:Access Control Vulnerability]]
+
[[Category:Authorization Vulnerability]]
 
[[Category:C]]
 
[[Category:C]]
 
[[Category:Code Snippet]]
 
[[Category:Code Snippet]]

Revision as of 09:58, 9 October 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Last revision (mm/dd/yy): 10/9/2008

Vulnerabilities Table of Contents

ASDR Table of Contents

Contents


Description

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

When a program calls a privileged function, such as chroot(), it must first acquire root privilege. As soon as the privileged operation has completed, the program should drop root privilege and return to the privilege level of the invoking user.


Risk Factors

TBD

Examples

The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.

	...
	chroot(APP_HOME);
	chdir("/");
	
	FILE* data = fopen(argv[1], "r+"); 
	...

Constraining the process inside the application's home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced.


Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References