19 lines
518 B
Plaintext
19 lines
518 B
Plaintext
Programs that execute OS commands may potentially open the door to an attacker by doing so. To minimize the risk, such commands should be executed with the lowest possible privileges.
|
|
|
|
|
|
This rule raises an issue for each OS command and file access.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
chdir("/"); // Noncompliant
|
|
----
|
|
|
|
|
|
== See
|
|
|
|
* https://cwe.mitre.org/data/definitions/250.html[MITRE, CWE-250] - Execution with Unnecessary Privileges
|
|
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
|
|
|