24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by John Viega, David LeBlanc, Michael Howard

SIN 16: EXECUTING CODE WITH TOO MUCH PRIVILEGE

OVERVIEW OF THE SIN

The sin of failing to use least privilege is a design issue that allows attackers to cause more damage when a failure does happen. Software will fail at some point in its lifetime, and if that code can be made to fail in a way that allows an attacker to run malicious code, then that code usually executes with the privileges assigned to the vulnerable process. For example, if a process runs with Administrative (Windows) or root (Linux, Mac OS X, or BSD) privileges and there’s an integer overflow bug (Sin 7) in that code that leads to code execution, then the malicious payload will also run as Administrator or root. Another example is an attacker accessing data that the attacker should ...