In my CMS, I have a PHP script that opens a .htm file for writing - fopen('footer.htm', 'w+'). This works with file permissions set to 666 on footer.htm, but doesn't work if set to 664.
Am I leaving this file open to abuse or hacking by setting the public permission to 'write'?
I am using an Apache virtual server.
That depends.
To modify the file, an attacker must be able to execute some kind of code on the server, e.g. have shell access. If this is the case, the permission is your smallest problem.
If you are on a shared hosting environment (other customers you don't know use your webserver) these other users possibly can change the file too, if your provider did not setup their security right and they know the path.
It is just not considered best practice to set 666 permissions. However most of these kind of attacks happen over your webserver, so restriscting the permission do not solve the problem, as the server needs to have write access.
So what you can do:
Change the mode to 664 and change the group to that of the webserver is running in - other users may still have write access by using the webserver.
What you should do:
Ensure that no malicious code is written into that file. If I find code like that I'm very confident to find a persistant cross-site scripting vulnerability.
Related
I'm a bit puzzled by this: someone who no longer works at our company told our client before leaving that what I'm about to describe is feasible, but I'm at a loss for how.
Our client is getting an smb share as read-only from one of their partners. I have absolutely no control over this. This share is mounted on one of our file servers at /mnt/share.
My task is to set up a share from /mnt/share to the clients active directory users, which i have done sucessfully, but I also need to set permissions on certain sensitive subfolders that should be accessible by only certain active directory groups. (for example, only users in the Accounting group should be able to read the "Accounting" subfolder)
According to all documentation I've read, this is impossible because the files "on disk" are read-only (since they are really just a mounted smb share). Attempts to set permissions anyway have been met with no feedback.
The file server is RHEL 7.x (it is in the correct AD realm) and I also have Admin access to Active Directory.
To summarize:
Partner SMB share (read only) -----> File server | SMB share -------[This is where I need to set permissions]-------> user machines.
• Since the SMB share itself has read-only permissions on the RHEL 7.X file server, they define the on-disk permissions set for that share on the file server as well as the other network resources that access it. Thus, as the file server has authority of the SMB share and only read-only access has been defined on it for all other users that access it, so even if you try to map it on other systems that run Windows, it will only be a read-only folder without any other permissions on it.
Hence, to set file and folder level ACL permissions on it, you will have to enable read, write, and execute permissions to all the users on that share and then map it on a Windows system by logging in it with AD administrator credentials and set custom permissions accordingly in its directory as per the requirement. In this way, you would be able to assign the correct permissions to a user/group or a resource on a file/folder or a directory in that share.
Thus, to change the permissions of the ‘/mnt/share’ on RHEL 7.X file server, please execute the below command in the terminal by logging as the root user.
Browse to the SMB share on linux terminal and run ‘ls -dl’, it will show all the permissions set for the share. Then run ‘chmod a=rwx’, this will set ‘Read, write and execute’ permissions on the share to all the users. Then, run ‘ls -l’ again on the terminal to check the newly modified permissions on the share. It should display as ‘drwxrwxrwx’ which means the permissions have been set correctly.
Please refer the below link for more reference: -
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_managing-file-permissions_configuring-basic-system-settings
I've had confirmation from a seasoned veteran that what i'm trying to do cannot be done. Since the "disk" that i'm sharing is mounted read-only, neither linux nor windows will let me apply permissions to specific folders inside the share, unless this was done from the original share, which i cannot control.
the only access control i've managed to apply was by pointing compmgmt.msc to the linux share server, and managing the "share access" security options to only allow a certain group to access the entire share.
In my current project I like to use fopen or fopen_s to create a file via "w" option.
Using a QT GUI the user may choose any file name which is basically the return string of a file dialog - similar to what is known to windows dialogs.
QFileDialog::getSaveFileName(this,"Save as...","","all files (*.*)");
However, depending on the file name it gets created or not.
So for instance I can write files in my build directory 'C:/SVN/builds/GUI/temp.txt'
And I can create files on the windows desktop 'C:/Users/XXX/Desktop/temp.txt'
I can even create files in other build dirs 'C:/SVN/builds/foo/bin/Release/temp.txt'
But fopen doesn't let me create 'C:/temp.txt' and returns "access denied" (errorno 13)
my issue can be solved like described here: https://stackoverflow.com/a/4735652/2220850
but this effectively requires the user to have admin rights for my silly little tool to run properly.
so isn't there another way to get permissions to write the file the user selected from within the GUI?
Or is there at least for the user and me a way to know where on the disks our tool may or may not create files?
cheers
I don't think you can solve this in a clean way. There are folders that are forbidden to non-admin users. That's the way it is (without tweaking to OS settings).
Displaying your users a sensible error message like "Access denied (you may need admin rights to write to this directory, select a directory you may write to)" is probably the best way.
Read/write stuff where the shell/OS tells you you can/should do. Call the shell API to find out the correct path for Windows OS:
SHGetFolderPath()
SHGetKnownFolderPath()
I currently have a C# Application that is a distribute, and that multiple people have. I was wondering which approach could I take to hide the app.config file (.exe.config) file that is produced after a build, So that the users cannot see my connectionstrings to my remote server. I read somewhere that If I encrypt the file, It can only be decrypted on the machine It was encrypted on, which means that It would not work for the other computers that the application is on, It would only work on my PC. Which approach could I take so that The config file can be hidden / obfuscated / encrypted, or anything to protect the config file, But without it being specific only to my computer, that can actually work for any one else who has the distributed version?
Any help would be appreciated, Thanks
Do not ever give a credential to someone if you don't want them to be able to use it. It really is that simple. You cannot both give a credential to and withhold a credential from the same entity. Whatever security checks you need to do, do them on your machine. That way, even someone who has the connection strings cannot bypass any security check you care about.
If you are worried about exposing addresses of other machines you might want to consider putting these machine behind a router machine.
This way client machines and their users only know about the proxy and the remote machines would only have to be open to and trust the proxy.
Even if you encrypt the config file:
the machine will need to decrypt the file to use the connection information so the secret is out any way
using a network sniffer the user can always see to what machines his machine is connecting.
I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice?
Thanks!
P.S. No, this isn't anything malicious, this is on an iPhone.
Under the UNIX permissions system, you need to run a file owned by root itself that's marked setuid-root (+s, as you said) or communicate with some process that is already running as root.
If there is no such file, you are out of luck.
You can do this with setting suid bit to application, but if you want from this c application run a some shell this was be runned on local user if you do it normally this is security system.
However you can read/write/execute files owned by root, but if your user is not in group of file your target file must have setted read/write/execute on last 3 bits or when your user is in file owner group you must check/apply this to 3 bits in middle position. (3 first bits setting permission to owner but this may not by a usable information for you).
If you dont have any access to root account. Then if group and other user permissions dont access functions as you must have, you can't do with this anything except trying get some prilveaged user for access this file. In other cases you can do some fixes in file access permissions but not from this system, you must get hard drive from this device and attach to other to change it or load on this device some live system to change this. However you can do this on privleaged system not on this.
More information about SUID bits you can find at:
http://www.codecoffee.com/tipsforlinux/articles/028.html
http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/
The iPhone SDK doesn't allow this. Your application is sandboxed and it is not allowed to go outside of that sandbox except in very specific ways provided by Apple. The only way to do this on an iPhone is to jailbreak it.
I don't really understand windows UAC...
I need for my program to be able to update and add files to a specific directory belonging to a program. This directory may be a subdirectory of an application in Program Files, for example c:\Program Files\MyApp\Data or it may be installed elsewhere.
I believe that if it's under Program Files then my program will be prevented from writting there unless it is running as an administrator AND has elevated it's access rights. Is that correct?
I need to be able to update files in that directory preferable without invoking elevated privileges and with the main application still "protected", just allow access to that one directory. I can't move the Data folder elsewhere as this as it's a 3rd party application I need to interface with.
How is it determined that UAC is needed for folders in Program Files? Is Program Files special in some way or is just permissions? If I were to adjust the permissions on that Data subdirectory so that the user account running the program had write access would that allow my application to update files in that directory without special privileges?
Or is there a better way to achieve this that I'm not thinking of? My update program needs to be in java so getting elevated privileges is a pain. I imagine I'll need to write a C++ wrapper to run the java VM so that i can give that wrapper an appropriate manifest. Not impossible but I don't really want to have to do this.
Try changing your application's directory security settings on-install to allow "Authenticated Users" write permissions.
Usually, when you need both protected and unprotected UAC modes you do the following.
Create two executable (one should be the main one and not require privileges for any operation, the second one should be able to perform privileges operations).
Start the first (main) one using limited privileges.
When you need to perform an privileged operation, create a new process with administrative rights (will pop the UAC window) and start the second application in it.
When done with the second application close it and you'll be back to limited mode.
This is how VMWare Workstation does when you change global settings.
Edit: Changing the permissions on a folder is not a good approach. Is just a dirty hack because anybody can write to that folder and this will just invalidate the role of UAC - after all this is the role of UAC: to prevent unprivileged changes in special folders.