Improper Ownership Management
Weakness ID: 282 (Weakness Class) | Status: Draft
Description Summary
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Reference | Description |
---|---|
CVE-1999-1125 | Program runs setuid root but relies on a configuration file owned by a non-root user. |

Potential Mitigations
Very carefully manage the setting, management and handling of privileges and permissions. Explicitly manage trust zones in the software.
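
The ownership check that the CVE-1999-1125 case above lacks, as an added example (not part of the CWE entry): a privileged program opens its configuration file and verifies the owner and write permissions on the open descriptor before trusting it. The names `open_trusted_config` and `demo_accepts` are hypothetical; a setuid-root program would pass 0 as the trusted UID.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return an open descriptor only if path is a regular file owned by
 * trusted_uid and not writable by group or others; -1 otherwise.
 * fstat() on the descriptor checks the file that will actually be read. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* no FIFOs, devices, dirs */
        st.st_uid != trusted_uid ||           /* unverified or wrong owner */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* others could rewrite it */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: create a temp file owned by the caller with the given
 * mode and report whether it is accepted when expected_owner is trusted. */
int demo_accepts(mode_t mode, uid_t expected_owner)
{
    char path[] = "/tmp/cfgdemoXXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    fchmod(tmp, mode);
    close(tmp);
    int fd = open_trusted_config(path, expected_owner);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    printf("%d %d %d\n", demo_accepts(0600, geteuid()),
           demo_accepts(0666, geteuid()), demo_accepts(0600, geteuid() + 1));
    return 0;
}
```

The check covers the file itself; the directories leading to it need the same ownership and write-permission scrutiny, since whoever can write to a parent directory can replace the file.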

Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 264 | Permissions, Privileges, and Access Controls | Development Concepts (primary) 699 |
ChildOf | Category | 632 | Weaknesses that Affect Files or Directories | Resource-specific Weaknesses (primary) 631 |
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 283 | Unverified Ownership | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 708 | Incorrect Ownership Assignment | Development Concepts (primary) 699; Research Concepts (primary) 1000 |

Maintenance Notes
The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-396).

Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |

Modifications
Modification Date | Modifier | Organization | Source | Change |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Maintenance Notes, Relationships, Taxonomy Mappings |
2009-12-28 | CWE Content Team | MITRE | Internal | updated Potential Mitigations |

Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Ownership Issues |