SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Kris Kafka

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added PC-lint Plus to Automated Detection Table

...

Possible values for the integrity level SID strings are listed in the following table:

Integrity level SIDName

S-1-16-4096

Mandatory Label\Low Mandatory Level

S-1-16-8192

Mandatory Label\Medium Mandatory Level

S-1-16-12288

Mandatory Label\High Mandatory Level

S-1-16-16384

Mandatory Label\System Mandatory Level

Risk Assessment

Failure to follow the principle of least privilege may allow exploits to execute with elevated privileges.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

WIN02-C

High

Likely

High

P9

L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.CREATEPROCESS
BADFUNC.CREATETHREAD

Use of CreateProcess
Use of CreateThread

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Related Guidelines

ISO/IEC TR 24772Adherence to Least Privilege [XYN]
MITRE CWECWE-250, Execution with unnecessary privileges
CWE-272, Least privilege violation

Bibliography

[Saltzer 1974]
 

[Saltzer 1975]
 

[DHS 2006]Least Privilege

...


...