Weak File Permission and Attribute Exploitation

Popularity: 10
Simplicity: 10
Impact: 10
Risk Rating: 10

Linux machines commonly have ordinary user accounts not used for privileged administrative purposes. These accounts, by default, can be used to glean sensitive system data or data stored by other users, and often to make undesirable or dangerous changes to both.

By default, file permissions usually permit users to have read access to most files on the system. Although this may be desirable for allowing everything on the system to function properly with minimal effort while restricting users from changing files they should not modify, it provides an avenue for attackers to perform an undesirable level of snooping.

This is especially a concern if Owner, Group, and Everyone permissions are not set carefully in home directories or other locations of sensitive or personal files. If employees do not intend to share their files with a group of people, then the user account for the employee should belong to a primary group unique to the employee's user account, perhaps with the same name as the user account. That way all files created by that user are also assigned to a group unique to that user.

Below is a default, unprivileged user account, test1, and an example of the default Owner/Group/Everyone permissions assigned to files created by test1:

[email protected]:/home/test1> touch testfile1
[email protected]:/home/test1> ls -l
total 0
-rw-r--r-- 1 test1 users 0 Oct 10 11:29 testfile2
[email protected]:/home/test1>

Notice that even though the file is owned by test1, it can be read by the users group, to which all new users are assigned by default, and by Everyone as well. This is not conducive to confidentiality but is easily remedied.
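The following is an added example, not part of the original text. It shows how the umask produces the -rw-r--r-- mode seen above, how to list files that group or Everyone can read, and how to restrict them to the owner. The function names are hypothetical, and it assumes a POSIX shell with find, ls, cut, and mktemp.

```shell
#!/bin/sh
# Added example (not from the original text). All function names are hypothetical.

# perms_under_umask MASK FILE
# Create FILE under the given umask and print its permission string,
# e.g. "-rw-r--r--". The umask change is confined to a subshell.
perms_under_umask() {
    ( umask "$1" && : > "$2" ) || return 1
    ls -l "$2" | cut -c1-10
}

# list_exposed DIR
# Print every regular file under DIR that has the group-read (040)
# or other-read (004) bit set. DIR defaults to the caller's home directory.
list_exposed() {
    find "${1:-$HOME}" -type f \( -perm -040 -o -perm -004 \) -print
}

# restrict_to_owner DIR
# Remove all group and other permissions from the files list_exposed reports.
restrict_to_owner() {
    find "${1:-$HOME}" -type f \( -perm -040 -o -perm -004 \) \
        -exec chmod go-rwx {} +
}

# Demonstration in a throwaway directory (constructed sample files).
demo=$(mktemp -d)
echo "umask 022 gives: $(perms_under_umask 022 "$demo/shared")"
echo "umask 077 gives: $(perms_under_umask 077 "$demo/private")"
echo "Readable by group or Everyone:"
list_exposed "$demo"
restrict_to_owner "$demo"
echo "After restrict_to_owner: $(ls -l "$demo/shared" | cut -c1-10)"
rm -rf "$demo"
```

Setting umask 077 in a user's shell profile makes new files owner-only from the start, while restrict_to_owner cleans up files that already exist.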
