Morioh
Login
Abigale Yundt

Abigale Yundt

3 years ago

Libraries and system utilities form the foundations on which larger projects are built. So it’s critical to make sure they, in particular, are secure. That’s why we recently introduced five new rules for C++ and C to detect broken authentication and access control in *nix systems. The new rules fall into three categories: account validity, granting permissions, and changing directories.

Account validity

For account validity, we’ve added a Security Vulnerability rule: S5832 - Account validity should be verified when authenticating users with PAM. It turns out that it’s entirely possible for a user with an invalid account - one that is locked or expired - to authenticate successfully. As a utility writer, you need to verify both successful authentication and account validity. Otherwise, you could be letting in people who wish the organization harm, such as a former employee whose account has been disabled.

#security #sast #cpp #cplusplus #good-company #c++

Lay a strong foundation by writing secure C and C++ utilities

hackernoon.com

Lay a strong foundation by writing secure C and C++ utilities

Libraries and system utilities form the foundations on which larger projects are built. So it's critical to make sure they, in particular, are secure. That's why we recently introduced five new rules for C++ and C to detect broken authentication and access control in *nix systems. The new rules fall into three categories: account validity, granting permissions, and changing directories. 

1.05 GEEK