CWE-62

UNIX Hard Link

The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Mitigation ID: MIT-48.1

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page