Create rule S5849: Setting capabilities is security-sensitive

rules/S5849/ansible/metadata.json

@@ -0,0 +1,2 @@
+{
+}

rules/S5849/ansible/rule.adoc

@@ -0,0 +1,47 @@
+include::../common/description.adoc[]
+
+== Ask Yourself Whether
+
+include::../common/ask-yourself.adoc[]
+
+== Recommended Secure Coding Practices
+
+include::../common/recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,yaml]
+----
+- name: Set cap_sys_chroot+ep on /usr/bin/example
+  community.general.capabilities:
+    path: /usr/bin/example
+    capability: cap_sys_admin+ep  # Sensitive
+    state: present
+----
+
+== See
+
+* CWE - https://cwe.mitre.org/data/definitions/250[CWE-250 - Execution with Unnecessary Privileges]
+* CWE - https://cwe.mitre.org/data/definitions/266[CWE-266 -  Incorrect Privilege Assignment]
+* https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Kubernetes Documentation] - Configure a Security Context for a Pod or Container
+* https://man7.org/linux/man-pages/man7/capabilities.7.html[Linux manual page] - capabilities(7)
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+=== Message
+
+Make sure setting capabilities is safe here.
+
+
+'''
+== Comments And Links
+(visible only on this page)
+
+
+
+endif::env-github,rspecator-view[]

rules/S5849/common/ask-yourself.adoc

@@ -0,0 +1,6 @@
+Capabilities are granted:
+
+* To a process that does not require all capabilities to do its job.
+* To a not trusted process.
+
+There is a risk if you answered yes to any of those questions.

rules/S5849/common/description.adoc

@@ -0,0 +1,5 @@
+Setting capabilities can lead to privilege escalation and container escapes.
+
+Linux capabilities allow you to assign narrow slices of ``++root++``'s permissions to processes. A thread with capabilities bypasses the normal kernel security checks to execute high-privilege actions such as mounting a device to a directory, without requiring additional root privileges.
+
+In a container, capabilities might allow to access resources from the host system which can result in container escapes. For example, with the capability ``++SYS_ADMIN++`` an attacker might be able to mount devices from the host system inside of the container.

rules/S5849/common/recommended.adoc

@@ -0,0 +1,4 @@
+Capabilities are high privileges, traditionally associated with superuser (root),
+thus make sure that the most restrictive and necessary capabilities are assigned.
+
+In the best case, no capabilities should be granted at all.

rules/S5849/kubernetes/rule.adoc

@@ -1,24 +1,12 @@
-Setting capabilities can lead to privilege escalation and container escapes.
-
-Linux capabilities allow you to assign narrow slices of ``++root++``'s permissions to processes. A thread with capabilities bypasses the normal kernel security checks to execute high-privilege actions such as mounting a device to a directory, without requiring additional root privileges.
-
-In a container, capabilities might allow to access resources from the host system which can result in container escapes. For example, with the capability ``++SYS_ADMIN++`` an attacker might be able to mount devices from the host system inside of the container.
-
+include::../common/description.adoc[]
 
 == Ask Yourself Whether
 
-Capabilities are granted:
-
-* To a process that does not require all capabilities to do its job.
-* To a not trusted process.
-
-There is a risk if you answered yes to any of those questions.
-
+include::../common/ask-yourself.adoc[]
 
 == Recommended Secure Coding Practices
 
-Capabilities are high privileges, traditionally associated with superuser (root), thus make sure that the most restrictive and necessary capabilities are assigned.
-
+include::../common/recommended.adoc[]
 
 == Sensitive Code Example