Kingdom: Security Features
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
File Permission Manipulation
Abstract
Allowing user input to directly alter file permissions might enable an attacker to access otherwise protected system resources.
Explanation
File permission manipulation errors occur when any of the following conditions are met:
1. An attacker might specify a path used in an operation that modifies permissions on the file system.
2. An attacker might specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system environment variables to set file permissions. If attackers can alter the system environment variables, they might use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker might use this vulnerability to access arbitrary files on system.
1. An attacker might specify a path used in an operation that modifies permissions on the file system.
2. An attacker might specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system environment variables to set file permissions. If attackers can alter the system environment variables, they might use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker might use this vulnerability to access arbitrary files on system.
permissions := strconv.Atoi(os.Getenv("filePermissions"));
fMode := os.FileMode(permissions)
os.chmod(filePath, fMode);
...
desc.dataflow.golang.file_permission_manipulation
Abstract
Allowing user input to directly alter file permissions may enable an attacker to access otherwise protected system resources.
Explanation
File permission manipulation errors occur when any of the following conditions are met:
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system properties to set the default permission mask. If attackers can alter the system properties, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system properties to set the default permission mask. If attackers can alter the system properties, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
String permissionMask = System.getProperty("defaultFileMask");
Path filePath = userFile.toPath();
...
Set<PosixFilePermission> perms = PosixFilePermissions.fromString(permissionMask);
Files.setPosixFilePermissions(filePath, perms);
...
References
[1] FIO01-J. Create files with appropriate access permissions CERT
desc.dataflow.java.file_permission_manipulation
Abstract
Allowing user input to directly alter file permissions may enable an attacker to access otherwise protected system resources.
Explanation
File permission manipulation errors occur when any of the following conditions are met:
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example: The following code is designed to set proper file permissions for users uploading Web pages through FTP. It uses input from an HTTP request to mark a file as viewable for external users.
However, if an attacker provides a malicious value for
Example 2: The following code uses input from a configuration file to set the default permission mask. If attackers can alter the configuration file, they can use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example: The following code is designed to set proper file permissions for users uploading Web pages through FTP. It uses input from an HTTP request to mark a file as viewable for external users.
$rName = $_GET['publicReport'];
chmod("/home/". authenticateUser . "/public_html/" . rName,"0755");
...
However, if an attacker provides a malicious value for
publicReport, such as "../../localuser/public_html/.htpasswd", the application will make the specified file readable to the attacker.Example 2: The following code uses input from a configuration file to set the default permission mask. If attackers can alter the configuration file, they can use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
...
$mask = $CONFIG_TXT['perms'];
chmod($filename,$mask);
...
References
[1] G. Hoglund, G. McGraw Exploiting Software Addison-Wesley
desc.dataflow.php.file_permission_manipulation
Abstract
Allowing user input to directly alter file permissions may enable an attacker to access otherwise protected system resources.
Explanation
File permission manipulation errors occur when any of the following conditions are met:
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system environment variables to set file permissions. If attackers can alter the system environment variables, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example 1: The following code uses input from system environment variables to set file permissions. If attackers can alter the system environment variables, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
permissions = os.getenv("filePermissions");
os.chmod(filePath, permissions);
...
desc.dataflow.python.file_permission_manipulation
Abstract
Allowing user input to directly alter file permissions may enable an attacker to access otherwise protected system resources.
Explanation
File permission manipulation errors occur when any of the following conditions are met:
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example: The following code is designed to set proper file permissions for users uploading Web pages through FTP. It uses input from an HTTP request to mark a file as viewable for external users.
However, if an attacker provides a malicious value for
Example 2: The following code uses input from a configuration file to set the default permission mask. If attackers can alter the configuration file, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
1. An attacker is able to specify a path used in an operation that modifies permissions on the file system.
2. An attacker is able to specify the permissions assigned by an operation on the file system.
Example: The following code is designed to set proper file permissions for users uploading Web pages through FTP. It uses input from an HTTP request to mark a file as viewable for external users.
...
rName = req['publicReport']
File.chmod("/home/#{authenticatedUser}/public_html/#{rName}", "0755")
...
However, if an attacker provides a malicious value for
publicReport, such as "../../localuser/public_html/.htpasswd", the application will make the specified file readable to the attacker.Example 2: The following code uses input from a configuration file to set the default permission mask. If attackers can alter the configuration file, they may use the program to gain access to files manipulated by the program. If the program is also vulnerable to path manipulation, an attacker may use this vulnerability to access arbitrary files on system.
...
mask = config_params['perms']
File.chmod(filename, mask)
...
References
[1] G. Hoglund, G. McGraw Exploiting Software Addison-Wesley
desc.dataflow.ruby.file_permission_manipulation