SV.PERMS.WIDE

Too wide permissions

SV.PERMS.WIDE is triggered when a folder or file is given permissions that are readable, writable, or executable by other users, or writable by the group. Any set of permissions matching the mask ****w*rwx (the group-write bit set, or any read, write, or execute bit set for others) is considered a security-vulnerable permission set.

Vulnerability and risk

The above permissions pose a security threat because an unintended user can read or modify the resource. Although this assignment may be intentional in some cases, it can also be the result of a mistake, leaving the resource exposed.

Mitigation and prevention

This issue can be prevented by restricting the permissions granted to group and others, or by creating temporary files or folders with the following java.nio.file.Files methods:
  • createTempFile
  • createTempDirectory
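As an added example (not Klocwork's code and not part of this page's own listings), the following Java class shows both mitigations in working form: a small helper that mirrors the ****w*rwx mask at runtime so that a too-wide permission string is refused before it reaches the filesystem, a regular file created with owner-only permissions in a single call (so there is no window between creation and a later setPosixFilePermissions), and a temporary directory created without explicit attributes. The class name, the helper names isTooWide and requireNarrow, the file name and the prefix are constructed for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

/**
 * Added example (hypothetical class, not from Klocwork): a runtime guard that
 * mirrors the SV.PERMS.WIDE mask ****w*rwx, plus the creation patterns the
 * checker accepts. Paths and prefixes below are constructed sample values.
 */
public class PermsWideExample {

    // Bits the checker treats as "too wide": group write and any access for
    // others (positions 5, 7, 8 and 9 of the rwxrwxrwx string).
    private static final Set<PosixFilePermission> WIDE_BITS = EnumSet.of(
            PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE,
            PosixFilePermission.OTHERS_EXECUTE);

    /** Returns true when the set shares at least one bit with ****w*rwx. */
    static boolean isTooWide(Set<PosixFilePermission> perms) {
        for (PosixFilePermission p : perms) {
            if (WIDE_BITS.contains(p)) {
                return true;
            }
        }
        return false;
    }

    /** Parses an rwx string and rejects it if it would trip the checker. */
    static Set<PosixFilePermission> requireNarrow(String rwx) {
        Set<PosixFilePermission> perms = PosixFilePermissions.fromString(rwx);
        if (isTooWide(perms)) {
            throw new IllegalArgumentException("too wide permissions " + rwx);
        }
        return perms;
    }

    /**
     * Creates a regular file with owner-only access at creation time, instead
     * of creating it first and narrowing the permissions afterwards.
     */
    static Path createPrivateFile(Path path) throws IOException {
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(requireNarrow("rw-------"));
        return Files.createFile(path, attr);
    }

    /**
     * Temporary directory with no explicit attributes: on a POSIX filesystem
     * the JDK creates it as rwx------ (and temp files as rw-------).
     */
    static Path createPrivateTempDir(Path parent) throws IOException {
        return Files.createTempDirectory(parent, "posix-"); // constructed prefix
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, taken from the permission strings used
        // in the vulnerable and fixed examples on this page.
        for (String s : new String[] {"rwxrwxr-x", "rwxr-x---", "rwx------"}) {
            System.out.println(s + " too wide? "
                    + isTooWide(PosixFilePermissions.fromString(s)));
        }

        Path dir = createPrivateTempDir(Paths.get(System.getProperty("java.io.tmpdir")));
        Path file = createPrivateFile(dir.resolve("posix-file.txt"));
        System.out.println(file + " created as "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(file)));
        Files.delete(file);
        Files.delete(dir);
    }
}
```

Run it with `java PermsWideExample.java` (Java 11 or later) on a POSIX filesystem; PosixFilePermissions.fromString throws on Windows. Two points worth keeping in mind: first, the checker's mask is a superset test, so "rwxr-x---" passes while "rwxrwxr-x" fails on both its group-write bit and its others bits; second, createTempFile and createTempDirectory only fall back to the owner-only defaults when no "posix:permissions" attribute is supplied, so an explicit wide FileAttribute passed to them is still applied by the operating system (subject to the process umask), even though the static checker stops reporting the call.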

Vulnerable code example 1

  import java.nio.file.Files;
  import java.nio.file.Path;
  import java.nio.file.Paths;
  import java.nio.file.attribute.PosixFilePermission;
  import java.nio.file.attribute.PosixFilePermissions;
  import java.util.Set;

  public class FilePosix {
    public static void test() throws Exception {
      Path path = Paths.get("/home/ubuntu/test/posix-file.txt");
      if (!Files.exists(path)) Files.createFile(path);
      String s = "rwxrwxr-x";
      Set<PosixFilePermission> perms = PosixFilePermissions.fromString(s); // matches '****w*rwx' -> defect
      Files.setPosixFilePermissions(path, perms); // grants group write and others rwx
    }
  }

Klocwork reports an SV.PERMS.WIDE defect at line 4 with the message "Too wide permissions rwxrwxr-x for the file/folder /home/ubuntu/test/posix-file.txt". The permissions assigned to the file are too broad: they grant read, write, or execute access to users other than the owner.

Fixed code example 1

  import java.nio.file.Files;
  import java.nio.file.Path;
  import java.nio.file.Paths;
  import java.nio.file.attribute.PosixFilePermission;
  import java.nio.file.attribute.PosixFilePermissions;
  import java.util.Set;

  public class FilePosix {
    public static void test() throws Exception {
      Path path = Paths.get("/home/ubuntu/test/posix-file.txt");
      if (!Files.exists(path)) Files.createFile(path);
      String s = "rwx------";
      Set<PosixFilePermission> perms = PosixFilePermissions.fromString(s); // Good, no defect
      Files.setPosixFilePermissions(path, perms); // owner only; group and others get nothing
    }
  }

In this example, Klocwork no longer reports the issue because the permissions 'rwx------' only allow the owner to read, write, and execute; group and others are granted no access.

Vulnerable code example 2

  import java.nio.file.Files;
  import java.nio.file.Path;
  import java.nio.file.Paths;
  import java.nio.file.attribute.FileAttribute;
  import java.nio.file.attribute.PosixFilePermission;
  import java.nio.file.attribute.PosixFilePermissions;
  import java.util.Set;

  public class FilePosix {
    public static void test() throws Exception {
      Path path = Paths.get("/home/ubuntu/test");
      String s = "rwxrwxr-x";
      Set<PosixFilePermission> perms = PosixFilePermissions.fromString(s); // matches '****w*rwx' -> defect found
      FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(perms);
      Files.createDirectory(path, attr); // new directory created with the wide permissions
    }
  }

Klocwork reports an SV.PERMS.WIDE defect at line 7 with the message "Too wide permissions rwxrwxr-x for the file/folder /home/ubuntu/test". The permissions rwxrwxr-x allow the group to read, write, and execute, and others to read and execute, which is too broad for the new directory.

Fixed code example 2

  import java.nio.file.Files;
  import java.nio.file.Path;
  import java.nio.file.Paths;
  import java.nio.file.attribute.FileAttribute;
  import java.nio.file.attribute.PosixFilePermission;
  import java.nio.file.attribute.PosixFilePermissions;
  import java.util.Set;

  public class FilePosix {
    public static void test() throws Exception {
      Path path = Paths.get("/home/ubuntu/test");
      String s = "rwxrwxr-x";
      Set<PosixFilePermission> perms = PosixFilePermissions.fromString(s);
      FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(perms);
      // createTempDirectory(Path, String, FileAttribute...) needs a name prefix; "tmp" is a placeholder
      Files.createTempDirectory(path, "tmp", attr);
    }
  }

In this example, Klocwork no longer reports the issue: although the permissions 'rwxrwxr-x' are broad for group and others, the directory is created with createTempDirectory, which the checker accepts as a temporary-directory creation.

Related checkers

Security training

Application security training materials provided by Secure Code Warrior.