⚠
BowTie Risk
Assessments
Hazards
Library
Implementations
Guide
← Back
Edit Threat
Name
Category
Tags
(comma-separated)
Description
An adversary may abuse configurations where an application has the setuid or setgid bits set in order to get code running in a different (and possibly more privileged) user’s context. On Linux or macOS, when the setuid or setgid bits are set for an application binary, the application will run with the privileges of the owning user or group respectively. Normally an application is run in the current user’s context, regardless of which user or group owns the application. However, there are instanc
Save changes
Cancel