Excessive privileges - Access Mode - Go

Excessive privileges - Access Mode - Go

Need

Restriction of access privileges to system files and directories

Context

  • Usage of Go 1.16 for building high-performance and scalable applications
  • Usage of gin-gonic/gin for building web applications and APIs in Go
  • Usage of the os module for accessing operating system-related information

Description

Non compliant code

        package main

import (
	"github.com/gin-gonic/gin"
	"os"
)

func main() {
	r := gin.Default()
	r.GET("/ping", func(c *gin.Context) {
		c.JSON(200, gin.H{
			"message": "pong",
		})
	})
	err := os.Chmod("/path/to/sensitive/file", 0777)
	if err != nil {
		panic(err)
	}
	r.Run() 
}
        
        

In the code above, we are using the os.Chmod function to change the permissions of a file located at /path/to/sensitive/file. The permissions are being set to 0777. This is a problem because 0777 grants read, write, and execute permissions to everyone.

In Unix-like operating systems, permissions are represented by three digits. Each digit is a combination of the numbers 4, 2, 1:

- 4 stands for "read",
- 2 stands for "write",
- 1 stands for "execute", and
- 0 stands for "no permissions".

So, 0777 breaks down to:
- 0: special permissions (setuid, setgid, sticky bit)
- 7: read, write and execute for the owner
- 7: read, write and execute for the group
- 7: read, write and execute for other users

As you can see, this is a very permissive setting, and it's generally a bad practice to set this permission for system files or directories, as it allows any user to read, write, and execute the file or directory, potentially leading to information disclosure, data corruption, or unauthorized code execution.

Steps

  • Review the access mode of sensitive files or directories in your application.
  • Determine the minimum required access mode for each sensitive file or directory.
  • Modify the access mode of the sensitive files or directories to the minimum required level.
  • Avoid using excessively permissive access modes like 0777, as they can pose security risks.
  • Regularly review and update the access mode of sensitive files or directories as needed.
  • Consider implementing access control mechanisms to restrict access to sensitive files or directories based on user roles or permissions.

Compliant code

        package main

import (
	"github.com/gin-gonic/gin"
	"os"
)

func main() {
	r := gin.Default()
	r.GET("/ping", func(c *gin.Context) {
		c.JSON(200, gin.H{
			"message": "pong",
		})
	})
	err := os.Chmod("/path/to/sensitive/file", 0600)
	if err != nil {
		panic(err)
	}
	r.Run() 
}
        
        

The original code had a vulnerability where it was setting the access mode of a sensitive file to 0777. This is a security risk as it gives read, write, and execute permissions to all users, which could potentially lead to unauthorized access or modification of the file.

The fixed code changes the access mode to 0600, which gives read and write permissions only to the owner of the file, and no permissions to anyone else. This is a much safer setting, as it greatly reduces the risk of unauthorized access or modification.

The os.Chmod function is used to change the access mode of the file. The first argument is the path to the file, and the second argument is the new access mode. The access mode is specified as an octal number, where each digit represents the permissions for the owner, group, and others, respectively. The digit is the sum of 4 (read), 2 (write), and 1 (execute). So, 0600 gives read (4) and write (2) permissions to the owner, and no permissions (0) to the group and others.

It's important to regularly review and update the access modes of sensitive files as needed, and to avoid using excessively permissive access modes. Additionally, consider implementing access control mechanisms to further restrict access based on user roles or permissions.

References