In Unix, the "others" class refers to all users except the owner of the file and the members of the group assigned to this file.

In Windows, the "Everyone" group is similar and includes all members of the Authenticated Users group as well as the built-in Guest account and several other built-in security accounts.

Granting permissions to these groups can lead to unintended access to files.

include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
{empty}.NET Framework:

----
using System.IO;
using System.Security.AccessControl;

// Allow rule that gives every user full control of the file
var unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);
var fileSecurity = File.GetAccessControl("path");
fileSecurity.AddAccessRule(unsafeAccessRule); // Sensitive
fileSecurity.SetAccessRule(unsafeAccessRule); // Sensitive
File.SetAccessControl("path", fileSecurity); // write the modified ACL back to the same file
----
{empty}.NET / .NET Core

----
using System.IO;
using System.Security.AccessControl;

var fileInfo = new FileInfo("path");
var fileSecurity = fileInfo.GetAccessControl();
// Allow rule that lets every user write to the file
fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Sensitive
fileInfo.SetAccessControl(fileSecurity);
----
{empty}.NET / .NET Core using Mono.Posix.NETStandard

----
using Mono.Unix;

var fileSystemEntry = UnixFileSystemInfo.GetFileSystemEntry("path");
// Grants read, write and execute to the "others" class
fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExecute; // Sensitive
----
== Compliant Solution
{empty}.NET Framework

----
using System.IO;
using System.Security.AccessControl;

// Deny rule: "Everyone" is explicitly refused full control of the file
var safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny);
var fileSecurity = File.GetAccessControl("path");
fileSecurity.AddAccessRule(safeAccessRule);
File.SetAccessControl("path", fileSecurity);
----
{empty}.NET / .NET Core

----
using System.IO;
using System.Security.AccessControl;

// Deny rule: "Everyone" is explicitly refused full control of the file
var safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny);
var fileInfo = new FileInfo("path");
var fileSecurity = fileInfo.GetAccessControl();
fileSecurity.SetAccessRule(safeAccessRule);
fileInfo.SetAccessControl(fileSecurity);
----
{empty}.NET / .NET Core using Mono.Posix.NETStandard

----
using Mono.Unix;

var fs = UnixFileSystemInfo.GetFileSystemEntry("path");
// Only the owner keeps a permission bit (execute); group and others get none
fs.FileAccessPermissions = FileAccessPermissions.UserExecute;
----
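
The following is an added example, not part of the original rule text: a check that finds explicit Allow entries granted to "Everyone" on an existing file and removes them. It resolves the group through its well-known SID instead of the localized display name. The class and method names are hypothetical, `path` stands for a file you administer, and the code runs on Windows only.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper (names chosen for this example), Windows only.
public static class EveryoneAclAudit
{
    // Well-known SID S-1-1-0 ("Everyone"). The SID is identical on every
    // Windows installation, whereas the display name is localized.
    private static readonly SecurityIdentifier Everyone =
        new SecurityIdentifier(WellKnownSidType.WorldSid, null);

    // Returns the explicit (non-inherited) Allow entries granted to Everyone.
    public static List<FileSystemAccessRule> FindAllowRules(FileSecurity security)
    {
        var found = new List<FileSystemAccessRule>();
        var rules = security.GetAccessRules(true, false, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
        {
            if (rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(Everyone))
            {
                found.Add(rule);
            }
        }
        return found;
    }

    // Removes those entries from the file and returns how many were removed.
    // Inherited entries are not touched: fix those on the parent directory.
    public static int RemoveAllowRules(string path)
    {
        var fileInfo = new FileInfo(path);
        var security = fileInfo.GetAccessControl();
        var offending = FindAllowRules(security);
        foreach (var rule in offending)
        {
            Console.WriteLine($"{path}: Everyone allowed {rule.FileSystemRights}");
            security.RemoveAccessRuleSpecific(rule);
        }
        if (offending.Count > 0)
        {
            fileInfo.SetAccessControl(security);
        }
        return offending.Count;
    }
}
```
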
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]