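Allowing user input to directly alter file permissions can give an attacker access to otherwise protected system resources.
A file permission manipulation error occurs when either of the following conditions is met:
1. An attacker can specify the path used in an operation that modifies permissions on the file system.
2. An attacker can specify the permissions assigned by an operation on the file system.
Example: The following code is meant to set proper file permissions for users uploading web pages through FTP. It uses input from an HTTP request to mark a file as viewable by external users.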
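// authenticateUser() is assumed to return the logged-in account name.
$rName = $_GET['publicReport'];
// Vulnerable: the request parameter is appended to the path unchecked.
chmod("/home/" . authenticateUser() . "/public_html/" . $rName, 0755);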
...
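If an attacker supplies a malicious value for publicReport (for example, ../../localuser/public_html/.htpasswd), the application will allow the attacker to read the specified file.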
...
// The mode comes straight from configuration data and is applied as-is.
$mask = $CONFIG_TXT['perms'];
chmod($filename, $mask);
...
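A hardened counterpart to the two chmod() calls above, as an added example that is not part of the original page: the caller picks a permission label from a fixed table instead of supplying a mode, and the file name is canonicalized and confined to the user's directory before chmod() runs. publishReport(), ALLOWED_MODES and the temporary demo directory are hypothetical and constructed for illustration; rejecting dot-files is an extra policy assumed here.

```php
<?php
// Added example, not the page's own code. publishReport(), ALLOWED_MODES
// and the demo directory layout are hypothetical.
const ALLOWED_MODES = ['private' => 0600, 'public' => 0644];

function publishReport(string $baseDir, string $name, string $modeKey): bool
{
    // Condition 2: the request selects a label; a raw mode is never accepted.
    if (!array_key_exists($modeKey, ALLOWED_MODES)) {
        return false;
    }
    // Condition 1: only a bare, non-hidden file name is accepted.
    if ($name === '' || $name[0] === '.' || strpos($name, "\0") !== false
        || $name !== basename($name)) {
        return false;
    }
    $candidate = $baseDir . DIRECTORY_SEPARATOR . $name;
    $base   = realpath($baseDir);
    $target = realpath($candidate);   // resolves symlinks and ".." segments
    if ($base === false || $target === false) {
        return false;
    }
    // The resolved path must be a regular, non-symlink file inside $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0
        || is_link($candidate) || !is_file($target)) {
        return false;
    }
    return chmod($target, ALLOWED_MODES[$modeKey]);
}

// Constructed demo data in a temporary directory.
$home = sys_get_temp_dir() . '/fpm_demo_' . getmypid();
mkdir("$home/alice/public_html", 0700, true);
mkdir("$home/localuser/public_html", 0700, true);
file_put_contents("$home/alice/public_html/report.html", '<p>ok</p>');
file_put_contents("$home/localuser/public_html/.htpasswd", 'constructed');
chmod("$home/localuser/public_html/.htpasswd", 0600);
$dir = "$home/alice/public_html";

// A bare file name inside the user's own directory.
var_dump(publishReport($dir, 'report.html', 'public'));
// The traversal value from the example above.
var_dump(publishReport($dir, '../../localuser/public_html/.htpasswd', 'public'));
// A raw mode string instead of an allowed label.
var_dump(publishReport($dir, 'report.html', '0777'));
```

Only the first call passes both checks. The path check and chmod() are separate system calls, so the base directory must not be writable by untrusted accounts.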