View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

SV.SIP.CONST

Use of insecure macro for dangerous function

There are several Microsoft Windows functions that can use dangerous macros as parameters, allowing a malicious user to access the registry or run arbitrary command. CreateService may have the parameter set to SERVICE_INTERACTIVE_PROCESS, which can allow a malicious user to interact with the service and run arbitrary commands in a high privilege mode.

The SV.SIP.CONST checker finds instances in which the CreateService function specifies the SERVICE_INTERACTIVE_PROCESS parameter.

Vulnerability and risk

Use of the SERVICE_INTERACTIVE_PROCESS parameter results in inappropriately loose permissions for the access of resources. This practice can compromise the security of the software by allowing attackers to gain privileges, access sensitive information, and possibly execute commands. Resource access should always use the lowest level of privilege required to get the job done.

Mitigation and prevention

These flagged defects should be reviewed, and the identified parameters replaced with safer macros or code that ensures lower privileges are enforced.

Vulnerable code example

 1 SC_HANDLE foo(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPCTSTR lpDisplayName,
 2               DWORD dwDesiredAccess, DWORD dwStartType, DWORD dwErrorControl, 
 3               LPCTSTR lpBinaryPathName, LPCTSTR lpLoadOrderGroup, LPDWORD lpdwTagId, 
 4               LPCTSTR lpDependencies, LPCTSTR lpServiceStartName, LPCTSTR lpPassword)
 5 {
 6     return CreateService(hSCManager, lpServiceName, lpDisplayName,
 7                          dwDesiredAccess, SERVICE_INTERACTIVE_PROCESS,
 8                          dwStartType, dwErrorControl, 
 9                          lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, 
10                          lpDependencies, lpServiceStartName, lpPassword);
11 }

The defect is reported at line 6, indicating that function CreateService is using macro SERVICE_INTERACTIVE_PROCESS as its desired access parameter. Using this loose access permission macro causes a vulnerability in the code that could result in attackers compromising the security of the software. The issue should be reviewed and SERVICE_INTERACTIVE_PROCESS replaced with a safer macro or code that ensures lower privilege use.

Related checkers

External guidance

Parent topic: Lowest possible privilege
Previous topic: SV.LPP.VAR
Next topic: SV.SIP.VAR

© Rogue Wave Software, Inc. All rights reserved. | Contact