DerScanner
Home / Vulnerability Database / Python : File permission manipulation
Python

Python : File permission manipulation

Classification

OWASP Top 10 2013
A7-Missing Function Level Access Control
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-732CWE-1033
CWE/SANS Top 25 2011
CWE-732
CWE/SANS Top 25 2021
CWE-732

Overview

The application changes the file access permissions. The extra permissions (e.g., the right to execute) for an unlimited number of users can facilitate the organization of the attack.

Rootwrap provides a mechanism by which you can execute commands with elevated privileges (typically as root). Special care must be taken to ensure that this use of code does not allow a less privileged user to run commands as root.

Rootwrap provides a series of filters to limit the use of commands. The most commonly used filter is CommandFilter, but it provides the least restrictions on the command call.

POSIX based operating systems utilize a permissions model to protect access to parts of the file system. This model supports three roles “owner”, “group” and “others” each role may have a combination of “read”, “write” or “execute” flags sets.

Python provides chmod to manipulate POSIX style permissions. You need to report an error when chmod grants too many rights to someone.

References

  1. Rootwrap
  2. Use oslo rootwrap securely
  3. OWASP Top 10 2017-A5-Broken Access Control
  4. Apply Restrictive File Permissions
  5. Wiki: File system permissions
  6. CWE-732: Incorrect Permission Assignment for Critical Resource
CRITICAL

DerScanner Severity Score

Do you want to fix Python : File permission manipulation in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding