|Name ||Manipulating Input to File System Calls |
|Summary ||An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible. |
|Prerequisites ||The program must allow user-controlled variables to be applied directly to the file system. |
|Solutions ||Design: Enforce principle of least privilege.
Design: Ensure all input is validated and does not contain file system commands.
Design: Run server interfaces with a non-root account and/or use chroot jails or other configuration techniques to constrain privileges even if an attacker gains some limited access to commands.
Design: For interactive user applications, consider whether a direct file system interface is necessary; consider having the application proxy communication instead.
Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables. |
|CWE ID ||Description |
|CWE-15 ||External Control of System or Configuration Setting |
|CWE-22 ||Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|CWE-23 ||Relative Path Traversal |
|CWE-59 ||Improper Link Resolution Before File Access ('Link Following') |
|CWE-73 ||External Control of File Name or Path |
|CWE-74 ||Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
|CWE-77 ||Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|CWE-264 || |
|CWE-272 ||Least Privilege Violation |
|CWE-285 ||Improper Authorization |
|CWE-346 ||Origin Validation Error |
|CWE-348 ||Use of Less Trusted Source |
|CWE-715 || |
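
The input-validation item under Solutions, applied to the path traversal (CWE-22, CWE-23) and link-following (CWE-59) weaknesses listed above, as an added example that is not part of the original entry: a user-supplied name is canonicalized and accepted only if it still lies under a fixed base directory. The function names, the `uploads` directory and the sample inputs are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

class PathRejected(Exception):
    """The supplied name would resolve outside the permitted directory."""

def resolve_inside(base_dir, user_path):
    """Return the canonical path for user_path, or raise PathRejected."""
    if "\x00" in user_path:
        raise PathRejected("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the comparison is made
    # on the location the OS would open, not on the user-supplied string.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathRejected(f"{user_path!r} resolves outside {base}")
    return candidate

def read_user_file(base_dir, user_path):
    path = resolve_inside(base_dir, user_path)
    # O_NOFOLLOW (where available) refuses a symlink placed at the final
    # component after the check above.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as fh:
        return fh.read()

def demo():
    """Classify constructed sample inputs against a constructed directory tree."""
    samples = ["report.txt", "a/../report.txt", "../secret.txt", "/etc/passwd", "link"]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.mkdir(base)
        with open(os.path.join(base, "report.txt"), "wb") as fh:
            fh.write(b"ok")
        with open(os.path.join(root, "secret.txt"), "wb") as fh:
            fh.write(b"secret")
        # Symlink inside the base that points outside it (the CWE-59 case).
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))
        for name in samples:
            try:
                results[name] = read_user_file(base, name)
            except PathRejected:
                results[name] = None  # rejected before any open() call
    return results

if __name__ == "__main__":
    for name, data in demo().items():
        print(f"{name!r}: {'rejected' if data is None else data}")
```

The check narrows what a name can reach; it complements, rather than replaces, the least-privilege and non-root measures in the Solutions list.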