I found that the following case will be reported by `raptor-incorrect-order-setuid-setgid`. The root cause is that the rule only has a whitelist for the pattern that recovers the root privilege with `seteuid(0)`.
```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

void temp_priv_drop_safe()
{
    uid_t saved_uid;
    struct passwd *pwd;
    // ok: raptor-incorrect-order-setuid-setgid
    saved_uid = geteuid();
    pwd = getpwnam("nobody");
    if (pwd != NULL) {
        (void)seteuid(pwd->pw_uid);
        /* do unprivileged work */
        FILE *fp = fopen("/tmp/unpriv_file.txt", "r");
        if (fp) fclose(fp);
        /* restore original privileges */
        (void)seteuid(saved_uid);
    }
}
```
The following pattern will help:
```yaml
- pattern-not-inside: |
    $UID = geteuid();
    ...
    <... seteuid($UID) ...>;
```
Also, the rule currently does not support the reversed `setreuid`/`setregid` order.
I'd like to open a PR for these if you think they should be improved.
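A constructed C fixture, added here and not part of the original issue or the rule's repository, covering the two shapes the issue raises: a temporary drop that restores a saved euid instead of a literal `0`, and the `setregid`/`setreuid` ordering. The function names are hypothetical, and return values are checked here, unlike the `(void)` casts in the reported case.

```c
/* Constructed fixture: hypothetical function names, not the rule's own tests. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop that restores a saved euid rather than a literal 0,
 * the shape reported as a false positive. Returns 0 on success. */
int temp_drop_checked(uid_t unpriv_uid)
{
    uid_t saved_uid = geteuid();

    if (seteuid(unpriv_uid) != 0)
        return -1;
    if (geteuid() != unpriv_uid) {        /* verify the drop took effect */
        (void)seteuid(saved_uid);
        return -1;
    }
    /* ... unprivileged work goes here ... */
    if (seteuid(saved_uid) != 0)          /* restore the saved euid */
        return -1;
    return geteuid() == saved_uid ? 0 : -1;
}

/* Permanent drop with the set*re*id calls in the safe order: group first,
 * then user, followed by a check that all four ids changed. */
int perm_drop_re_ok(uid_t uid, gid_t gid)
{
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Reversed order: the shape an extended rule would need to flag. */
int perm_drop_re_reversed(uid_t uid, gid_t gid)
{
    if (setreuid(uid, uid) != 0)
        return -1;
    /* Fails with EPERM when the process started as root and gid is not
     * one of its current group ids: the uid drop removed that privilege. */
    if (setregid(gid, gid) != 0)
        return -1;
    return 0;
}
```

Called with the process's own ids every function succeeds as a no-op; the ordering only matters when the caller starts privileged and passes different ids.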