perm-conf

Misconfigured File / Directory Permissions

Misconfigured file and directory permissions is a vulnerability that occurs when files or directories containing sensitive data are given permissions such that unintended users gain access to them. This can lead to exploits of this sensitive data.

Attack Vector

By observing the contents of files/directories that the attacker has permissions to, they may be able to find times when the program also uses these files/directories in insecure ways.

Impact

The impacts of an attack on misconfigured file/directory permissions include attackers reading sensitive data (if gaining read permissions), changing the contents of sensitive files (if gaining write permissions), or deleting files they should not have access to.

Attack Examples

Example 1

A lazy program author wants to give world readable permissions to multiple directories descending from the current directory of the program. To do this they execute chmod -R ugo+r curr_directory. However, they forgot that this directory has a child directory containing files with all users passwords! In this attempted short-cut, they gave unintended permission to read these files to everyone.

Example 2

When creating a directory for a new user, an inexperienced programmer simply calls mkdir(<path>) and chown(<path>, <username>), never actually setting permissions for only the owner. Therefore, the users directory is given default permissions of world readable-writable. Now an attacker, or any unintentionally curious user, can access other users home directories that may contain private files.

Defenses

To defend against attacks on misconfigured file and directory permissions, make sure that all sensitive data and programs have correct permissions at all times. This includes setting permissions when files are being moved and making sure permissions on files/directories that leave other files vulnerable are also secure.

Tips for Demonstration

To demonstrate an exploitation of misconfigured file or directory permissions, provide the file or directory you were able to access and what unexpected behavior you were able to perform.

Other resources

https://cwe.mitre.org/data/definitions/732.html

http://projects.webappsec.org/w/page/13246932/Improper%20Filesystem%20Permissions

https://wiki.owasp.org/index.php/File_System#Insecure_permissions

srowley1, wschor