CWE-62
UNIX Hard Link
AI Translation Available
The product, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Status
incomplete
Abstraction
variant
Affected Platforms
Extended Description
AI Translation
Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.
Technical Details
AI Translation
Common Consequences
confidentiality
integrity
Impacts
read files or directories
modify files or directories
Potential Mitigations
Phases:
architecture and design
Descriptions:
•
Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
Functional Areas
file processing