One of the basic principles of cloud security is the Principle of Least Privilege. The idea is simple: give every user or process the minimal amount of permissions that are required to get job done.
Let’s say you’d like the following:
- Access Granted;
- To a Particular AWS S3 Bucket;
- To a Single Federated User (or more!);
- AND, you’d also like to deny access to all other users
How do you go about doing that? Well ordinarily what’s a simple undertaking is a bit monkey wrench’d by the issues posed by Federated users.
cppcheck was utilized for the purposes of this learning exercise; Output in the Appendix of the Page (Static Code Analysis output of TinyVM and FreeRDP)
GitHub Projects:
FreeRDP — https://github.com/FreeRDP/FreeRDP
TinyVM — https://github.com/jakogut/tinyvm
FreeRDP Observations
The code *((trio_long_double_t *)target) = infinity; encased in the following block:
if (flags & FLAGS_LONGDOUBLE) {
*((trio_long_double_t *)target) = infinity;
}
returns a “Possible null pointer deference: target” cppcheck error message because of the negligence to add a block check for null before accessing the variables involved in the operation. …
Ramsey Elbasheer
Data Scientist
