Updating headings on every page
@@ -4,7 +4,7 @@ date: 2023-06-29
draft: false
---
# Introduction
## Introduction
Continuing summarizing the themes in "Secure Coding in C and C++" by Robert C. Seacord, we will discuss file I/O and how to prevent unauthorized access. File I/O is especially dangerous when a program is running under a privileged context and accesses files that unprivileged users can access. This can lead an attacker to read or even overwrite privileged files.
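Review bot: demoting `# Introduction` to `## Introduction` matches the commit title, but after this change the page body contains no H1 at all; the front matter (`date`, `draft: false`) is unchanged here, so this only works if the site theme renders the front-matter title as the H1. Confirm that before applying the same demotion to every page, otherwise the heading hierarchy starts at H2.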
@@ -12,7 +12,7 @@ The tl;dr; here is, use proper file permissions, verify file paths, and use the
This post assumes basic knowledge of file system permissions and how paths are determined.
# Big Issues
## Big Issues
There are several issues that can arise while attempting to access files on the system:
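Review bot: the unchanged context shown in the hunk header, `The tl;dr; here is, use proper file permissions, verify file paths, and use the`, has a stray second semicolon after `tl;dr`; a colon reads as intended. Out of scope for a heading-only commit, but cheap to fix while this file is open.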
@@ -22,9 +22,9 @@ There are several issues that can arise while attempting to access files on the
Without properly handling these three primary issues, a process could leak information or provide a path for an attacker to alter system files.
# Unauthorized Path Access
## Unauthorized Path Access
## Manipulated Paths
### Manipulated Paths
Similar to SQL injection, a user can manipulate a path to attempt to access locations they shouldn't otherwise be able to access. The classic example is using the `..` notation to go up a directory level. Using multiple `../../../../` will eventually reach the root of the system, allowing a malicious user to access the entire system.
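Review bot: both the section and its subsection are shifted one level here (`# Unauthorized Path Access` to `##`, `## Manipulated Paths` to `###`), so the nesting is preserved. Check that the other pages in this commit get the same treatment for nested headings; a page where only the `#` headings were demoted would end up with subsections sitting at the same level as their parent section.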
@@ -36,13 +36,13 @@ There are enough ways to perform directory traversal that it becomes difficult t
By requesting the absolute path, all these tricks are flattened and returns a standard path. Then the program can verify it should be accessing that path.
# Bad File Permissions
## Bad File Permissions
On the surface this one is pretty simple. When creating a file, give it the most restrictive access possible for functionality to continue. By limiting access a malicious actor will have a harder time viewing and manipulating the data. And this should definitely be done, but there are some more subtle ways to keep things secure.
There are other file attributes that need to be considered. By checking and storing things like the inode number, link status, and device id, there is more assurance that this is the correct file and hasn't been replaced.
# Principle of Least Privilege
## Principle of Least Privilege
Keep the program running as an unprivileged user and only request more privileges when needed. This is good advice for any program, but comes in handy for file IO.
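Review bot: the unchanged context line `By requesting the absolute path, all these tricks are flattened and returns a standard path.` has a subject mismatch ("tricks are flattened and returns"); splitting it into "the path is flattened into a standard form, and the program can then verify it should be accessing that path" would read cleanly. Separately, the context uses `file IO` here and `File I/O` in the introduction; pick one spelling. Both are outside the heading change, so fine to defer, but worth a follow-up.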
@@ -50,7 +50,7 @@ In this case, when accessing a globally accessible file (such as in `/tmp`) the
If the program is running unprivileged when accessing these unprivileged files, it would get a file system error. This will prevent the program from accessing files out of scope.
# Conclusion
## Conclusion
There are a few takeaways from exploring issues with File I/O.
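Review bot: the unchanged context line `If the program is running unprivileged when accessing these unprivileged files, it would get a file system error.` reads as self-contradictory, since an unprivileged process opening an unprivileged file succeeds. From the surrounding context (globally accessible files such as in `/tmp`), the sentence presumably means that a file the world-accessible path actually resolves to may be one the unprivileged process has no right to, and the error is what keeps the program in scope; rewording it that way would make the least-privilege point land. Not part of this heading change.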