In Unix file system permissions, the "others
" category refers to all users except the owner of the file system resource and the
members of the group assigned to this resource.
Granting permissions to this category can lead to unintended access to files or directories that could allow attackers to obtain sensitive information, disrupt services or elevate privileges.
There is a risk if you answered yes to any of those questions.
The most restrictive possible permissions should be assigned to files and directories.
public void setPermissions(String filePath) { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions perms.add(PosixFilePermission.OTHERS_READ); // Sensitive perms.add(PosixFilePermission.OTHERS_WRITE); // Sensitive perms.add(PosixFilePermission.OTHERS_EXECUTE); // Sensitive Files.setPosixFilePermissions(Paths.get(filePath), perms); }
public void setPermissionsUsingRuntimeExec(String filePath) { Runtime.getRuntime().exec("chmod 777 file.json"); // Sensitive }
public void setOthersPermissionsHardCoded(String filePath ) { Files.setPosixFilePermissions(Paths.get(filePath), PosixFilePermissions.fromString("rwxrwxrwx")); // Sensitive }
On operating systems that implement POSIX standard. This will throw a UnsupportedOperationException
on Windows.
public void setPermissionsSafe(String filePath) throws IOException { Set<PosixFilePermission> perms = new HashSet<PosixFilePermission>(); // user permission perms.add(PosixFilePermission.OWNER_READ); perms.add(PosixFilePermission.OWNER_WRITE); perms.add(PosixFilePermission.OWNER_EXECUTE); // group permissions perms.add(PosixFilePermission.GROUP_READ); perms.add(PosixFilePermission.GROUP_EXECUTE); // others permissions removed perms.remove(PosixFilePermission.OTHERS_READ); // Compliant perms.remove(PosixFilePermission.OTHERS_WRITE); // Compliant perms.remove(PosixFilePermission.OTHERS_EXECUTE); // Compliant Files.setPosixFilePermissions(Paths.get(filePath), perms); }