Incorrect Order of setuid and setgid Calls

Description

A compromised process might be able to regain elevated group privileges if set(e)gid() is called after set(e)uid(). This can occur when privileges are temporarily dropped with seteuid() and then setuid() or seteuid() are called while under an unprivileged user.

Examples

Insecure Code

setuid(getuid());
setgid(getgid());

Secure Code

setgid(getgid());
setuid(getuid());

Remediation

Ensure that set(e)gid() is called before set(e)uid() to prevent a compromised process from regaining elevated group privileges.

Rule Details

Field	Value
ID	CODE-0473
Category	AccessControl
Severity	HIGH
CWE	CWE-696
Confidence	MEDIUM
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	privilege escalation, setuid, setgid
OWASP	N/A

References

https://www.usenix.org/legacy/events/sec02/full_papers/chen/chen.pdf
https://cwe.mitre.org/data/definitions/696
https://github.com/struct/mms
https://g.co/kgs/PCHQjJ

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Incorrect Order of setuid and setgid Calls

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Incorrect Order of setuid and setgid Calls ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Incorrect Order of setuid and setgid Calls

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References