Insecure File Permissions

ID

python.insecure_file_permissions

Severity

low

Resource

Access Control

Language

Python

Tags

CWE:732, NIST.SP.800-53, OWASP:2021:A1, PCI-DSS:6.5.6

Description

Insecure file permissions occur when files are assigned permissions that are too permissive, allowing unauthorized users to access or modify them.

Rationale

Setting insecure file permissions is a common vulnerability that can lead to unauthorized access or modification of files containing sensitive information. It often arises from using overly permissive settings when creating or modifying files through code, such as with the os.chmod function in Python.

Here is a Python example illustrating the problem:

import os

# Insecurely setting file permissions to be readable and writable by everyone
os.chmod('sensitive_file.txt', 0o777) # FLAW

Remediation

To remediate this vulnerability, carefully set file permissions to the least permissive setting required for the application’s functionality, ensuring that only authorized users have access.

Try to use these values whenever possible:

  • 0400 (0o400 in Python) - Read-only access for the owner

  • 0200 (0o200 in Python) - Write-only access for the owner

  • 0600 (0o600 in Python) - Read / Write access for the owner
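As an added example (not part of this rule page), the following Python shows the two halves of the remediation: creating a file with the 0600 mode from the moment it exists, so there is no window where it is world-readable, and auditing an existing file for the group/other bits this rule flags. The file names, the `write_private_file`/`excessive_bits` helpers and the sample contents are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Added example (not from the original rule page): create a file restricted to
# its owner atomically, and audit an existing file for overly permissive bits.

OWNER_RW = 0o600  # the "Read / Write access" value recommended above


def write_private_file(path: str, data: bytes, mode: int = OWNER_RW) -> None:
    """Create `path` with `mode` set at creation time.

    Passing the mode to os.open() avoids the create-then-chmod pattern, where
    the file briefly carries the umask default before being tightened.
    O_EXCL refuses to reuse a pre-existing path (including a planted symlink).
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # override a permissive umask inherited by the process
        os.write(fd, data)
    finally:
        os.close(fd)


def excessive_bits(path: str, allowed: int = OWNER_RW) -> int:
    """Return the permission bits set on `path` that are not in `allowed`.

    0 means the file is at least as tight as `allowed`; a non-zero value is the
    set of bits to remove (e.g. 0o077 for any group/other access).
    """
    current = stat.S_IMODE(os.stat(path).st_mode)
    return current & ~allowed


def demo() -> dict:
    """Constructed demonstration: one correctly created file, one chmod 0o777 file."""
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "secret.txt")
    bad = os.path.join(tmp, "sensitive_file.txt")
    write_private_file(good, b"api-key=PLACEHOLDER-NOT-A-REAL-SECRET\n")
    with open(bad, "wb") as fh:
        fh.write(b"exposed\n")
    os.chmod(bad, 0o777)  # the insecure call from the example above
    return {
        "good_mode": stat.S_IMODE(os.stat(good).st_mode),
        "good_excess": excessive_bits(good),
        "bad_excess": excessive_bits(bad),
    }


if __name__ == "__main__":
    print({k: oct(v) for k, v in demo().items()})
```

On Windows, `os.chmod` only toggles the read-only attribute, so the audit half is meaningful on POSIX systems.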

References

  • CWE-732 : Incorrect Permission Assignment for Critical Resource.