CPP: Add query for CWE-266 Incorrect Privilege Assignment #6949


@ihsinme ihsinme commented Oct 25, 2021

The request looks for situations of incorrect work with setting access rights. Firstly, this is the use of arithmetic to calculate the access mask, and secondly, the use of the same mask in opposite functions, and thirdly, the use of a sufficiently wide mask.

CVE-2013-6412
CVE-2018-14348
CVE-2013-2007
CVE-2001-0859

Links to real work results I will add later. I am currently working on them with developers.

fchmod(fileno(fp), 0555 & ~curumsk); // GOOD
...
umask(0666);
chmod(0666); // BAD
@intrigus-lgtm intrigus-lgtm Oct 25, 2021

Why is this bad?
I did not understand this after looking at the qhelp and the referenced "CERT C Coding Standard".

@ihsinme ihsinme Oct 25, 2021

The mask in these two functions is used with opposite meanings. In one case as a deny mask and in the other as a permit mask.

@intrigus-lgtm intrigus-lgtm Oct 25, 2021

I'm sorry but I still do not understand WHY this is bad?
What is the security impact of using the same mask once as a deny mask and another time as a permit mask?

@ihsinme ihsinme Oct 25, 2021

No need to apologize for the question.
This will affect security as it will not have the correct access rights. More precisely, not the ones that the developer wanted to install.
In this case, two scenarios of exposure are possible. The first access will be limited or redundant.

P.S. By the way, thanks for fixing the example file.
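
The deny-mask versus permit-mask distinction discussed in this thread, as an added example that is not part of the pull request or its example file. The helper names and the `/tmp` path are assumptions made for illustration; a Linux or other POSIX system is assumed.

```c
/* Added illustration; helper names and the /tmp path are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* umask() takes a DENY mask: bits set in it are stripped at creation. */
int create_under_umask(const char *path, mode_t mask) {
    mode_t old = umask(mask);
    unlink(path);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                         /* restore the caller's umask */
    if (fd < 0) return -1;
    close(fd);
    return mode_of(path);
}

/* chmod() takes a PERMIT mask and ignores the umask entirely. */
int chmod_with(const char *path, mode_t mode) {
    return chmod(path, mode) == 0 ? mode_of(path) : -1;
}

/* The form marked GOOD in the thread: requested bits minus the umask. */
int fchmod_respecting_umask(const char *path, mode_t requested) {
    mode_t cur = umask(0);              /* umask can only be read by setting it */
    umask(cur);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int rc = fchmod(fd, requested & ~cur);
    close(fd);
    return rc == 0 ? mode_of(path) : -1;
}

int main(void) {
    const char *p = "/tmp/cwe266_example.tmp";
    printf("created under umask(0666): %04o\n", create_under_umask(p, 0666));
    printf("after chmod(p, 0666):      %04o\n", chmod_with(p, 0666));
    umask(027);
    printf("fchmod(0555 & ~027):       %04o\n", fchmod_respecting_umask(p, 0555));
    unlink(p);
    return 0;
}
```

The same constant `0666` yields mode `0000` when passed to `umask` and mode `0666` when passed to `chmod`, which is why reusing one mask value in both calls signals a likely mistake.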
