92 lines
2.5 KiB
Plaintext
92 lines
2.5 KiB
Plaintext
In Unix, "others" class refers to all users except the owner of the file and the members of the group assigned to this file.
|
|
|
|
|
|
In Windows, "Everyone" group is similar and includes all members of the Authenticated Users group as well as the built-in Guest account, and several other built-in security accounts.
|
|
|
|
|
|
Granting permissions to these groups can lead to unintended access to files.
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
{empty}.Net Framework:
|
|
|
|
----
|
|
var unsafeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);
|
|
|
|
var fileSecurity = File.GetAccessControl("path");
|
|
fileSecurity.AddAccessRule(unsafeAccessRule); // Sensitive
|
|
fileSecurity.SetAccessRule(unsafeAccessRule); // Sensitive
|
|
File.SetAccessControl("fileName", fileSecurity);
|
|
----
|
|
|
|
{empty}.Net / .Net Core
|
|
|
|
----
|
|
var fileInfo = new FileInfo("path");
|
|
var fileSecurity = fileInfo.GetAccessControl();
|
|
|
|
fileSecurity.AddAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Allow)); // Sensitive
|
|
fileInfo.SetAccessControl(fileSecurity);
|
|
----
|
|
|
|
{empty}.Net / .Net Core using Mono.Posix.NETStandard
|
|
|
|
----
|
|
var fileSystemEntry = UnixFileSystemInfo.GetFileSystemEntry("path");
|
|
fileSystemEntry.FileAccessPermissions = FileAccessPermissions.OtherReadWriteExecute; // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
{empty}.Net Framework
|
|
|
|
[source,csharp]
|
|
----
|
|
var safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny);
|
|
|
|
var fileSecurity = File.GetAccessControl("path");
|
|
fileSecurity.AddAccessRule(safeAccessRule);
|
|
File.SetAccessControl("path", fileSecurity);
|
|
----
|
|
|
|
{empty}.Net / .Net Core
|
|
|
|
[source,csharp]
|
|
----
|
|
var safeAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny);
|
|
|
|
var fileInfo = new FileInfo("path");
|
|
var fileSecurity = fileInfo.GetAccessControl();
|
|
fileSecurity.SetAccessRule(safeAccessRule);
|
|
fileInfo.SetAccessControl(fileSecurity);
|
|
----
|
|
|
|
{empty}.Net / .Net Core using Mono.Posix.NETStandard
|
|
|
|
[source,csharp]
|
|
----
|
|
var fs = UnixFileSystemInfo.GetFileSystemEntry("path");
|
|
fs.FileAccessPermissions = FileAccessPermissions.UserExecute;
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|