CWE-732: Incorrect Permission Assignment for Critical Resource
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
扩展描述
When a resource is given a permission setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution, or sensitive user data. For example, consider a misconfigured storage account for the cloud that can be read or written by a public or anonymous user.
常见后果
影响范围: Confidentiality
技术影响: Read Application Data Read Files or Directories
说明: An attacker may be able to read sensitive information from the associated resource, such as credentials or configuration information stored in a file.
影响范围: Access Control
技术影响: Gain Privileges or Assume Identity
说明: An attacker may be able to modify critical properties of the associated resource to gain privileges, such as replacing a world-writable executable with a Trojan horse.
影响范围: Integrity Other
技术影响: Modify Application Data Other
说明: An attacker may be able to destroy or corrupt critical data in the associated resource, such as deletion of records from a database.
潜在缓解措施
阶段: Implementation
描述: When using a critical resource such as a configuration file, check to see if the resource has insecure permissions (such as being modifiable by any regular user) [REF-62], and generate an error or even exit the software if there is a possibility that the resource could have been modified by an unauthorized party.
阶段: Architecture and Design
描述: Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully defining distinct user groups, privileges, and/or roles. Map these against data, functionality, and the related resources. Then set the permissions accordingly. This will allow you to maintain more fine-grained control over your resources. [REF-207]
有效性: Moderate
阶段: Architecture and Design Operation
策略: Sandbox or Jail
有效性: Limited
阶段: Implementation Installation
描述: During program startup, explicitly set the default permissions or umask to the most restrictive setting possible. Also set the appropriate permissions during program installation. This will prevent you from inheriting insecure permissions from any user who installs or runs the program.
有效性: High
阶段: System Configuration
描述: For all configuration files, executables, and libraries, make sure that they are only readable and writable by the software's administrator.
有效性: High
阶段: Documentation
描述: Do not suggest insecure configuration changes in documentation, especially if those configurations can extend to resources and other programs that are outside the scope of the application.
阶段: Installation
描述: Do not assume that a system administrator will manually change the configuration to the settings that are recommended in the software's manual.
阶段: Operation System Configuration
策略: Environment Hardening
描述: Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
阶段: Implementation System Configuration Operation
描述: When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
检测方法
方法: Automated Static Analysis
方法: Automated Dynamic Analysis
方法: Manual Analysis
This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.
方法: Manual Static Analysis
Manual static analysis may be effective in detecting the use of custom permissions models and functions. The code could then be examined to identifying usage of the related functions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software.
方法: Manual Dynamic Analysis
Manual dynamic analysis may be effective in detecting the use of custom permissions models and functions. The program could then be executed with a focus on exercising code paths that are related to the custom permissions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software.
方法: Fuzzing
Fuzzing is not effective in detecting this weakness.
方法: Black Box
方法: Automated Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Manual Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Dynamic Analysis with Automated Results Interpretation
有效性: SOAR Partial
方法: Dynamic Analysis with Manual Results Interpretation
有效性: High
方法: Manual Static Analysis - Source Code
有效性: High
方法: Automated Static Analysis - Source Code
有效性: SOAR Partial
方法: Automated Static Analysis
有效性: SOAR Partial
方法: Architecture or Design Review
有效性: High
观察示例
参考: CVE-2022-29527
Go application for cloud management creates a world-writable sudoers file that allows local attackers to inject sudo rules and escalate privileges to root by winning a race condition.
参考: CVE-2009-3482
Anti-virus product sets insecure "Everyone: Full Control" permissions for files under the "Program Files" folder, allowing attackers to replace executables with Trojan horses.
参考: CVE-2009-3897
Product creates directories with 0777 permissions at installation, allowing users to gain privileges and access a socket used for authentication.
参考: CVE-2009-3489
Photo editor installs a service with an insecure security descriptor, allowing users to stop or start the service, or execute commands as SYSTEM.
参考: CVE-2020-15708
socket created with insecure permissions
参考: CVE-2009-3289
Library function copies a file to a new target and uses the source file's permissions for the target, which is incorrect when the source file is a symbolic link, which typically has 0777 permissions.
参考: CVE-2009-0115
Device driver uses world-writable permissions for a socket file, allowing attackers to inject arbitrary commands.
参考: CVE-2009-1073
LDAP server stores a cleartext password in a world-readable file.
参考: CVE-2009-0141
Terminal emulator creates TTY devices with world-writable permissions, allowing an attacker to write to the terminals of other users.
参考: CVE-2008-0662
VPN product stores user credentials in a registry key with "Everyone: Full Control" permissions, allowing attackers to steal the credentials.
参考: CVE-2008-0322
Driver installs its device interface with "Everyone: Write" permissions.
参考: CVE-2009-3939
Driver installs a file with world-writable permissions.
参考: CVE-2009-3611
Product changes permissions to 0777 before deleting a backup; the permissions stay insecure for subsequent backups.
参考: CVE-2007-6033
Product creates a share with "Everyone: Full Control" permissions, allowing arbitrary program execution.
参考: CVE-2007-5544
Product uses "Everyone: Full Control" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.
参考: CVE-2005-4868
Database product uses read/write permissions for everyone for its shared memory, allowing theft of credentials.
参考: CVE-2004-1714
Security product uses "Everyone: Full Control" permissions for its configuration files.
参考: CVE-2001-0006
"Everyone: Full Control" permissions assigned to a mutex allows users to disable network connectivity.
参考: CVE-2002-0969
Chain: database product contains buffer overflow that is only reachable through a .ini configuration file - which has "Everyone: Full Control" permissions.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Installation | The developer may set loose permissions in order to minimize problems when the user first runs the program, then create documentation stating that permissions should be tightened. Since system administrators and users do not always read the documentation, this can result in insecure permissions being left unchanged. |
| Operation | - |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | FIO03-J | Create files with appropriate access permission | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC01-J | Do not allow tainted variables in privileged blocks | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | ENV03-J | Do not grant dangerous combinations of permissions | - |
| CERT C Secure Coding | FIO06-C | Create files with appropriate access permissions | - |
关键信息
CWE ID: CWE-732
抽象级别: Class
结构: Simple
状态: Draft
利用可能性: High