...
Mitigation strategies include the use of:
- other IPC mechanisms such as sockets and remote procedure calls
...
- the low-level Java Native Interface (JNI).
...
- memory mapped files
...
- threads to share heap data within the same JVM (applies to data sharing between Java processes only)
...
- a secure directory that can be accessed only by application instances. When using this strategy, ensure that multiple instances of the application running on the same platform avoid competing for the same files.
Shared access to a directory entails greater vulnerability than does shared access to a limited number of files. Consequently, temporary files in shared directories must be
- Created with unique and unpredictable file names,
...
- Opened with exclusive access,
...
- Removed before the program exits, and
...
- Opened with appropriate permissions.
Secure creation of temporary files is error-prone and relies on platform-dependent behavior; the operating system and the file system are the determining factors. Code that works for a locally mounted file system, for example, may be vulnerable when used with a remotely mounted file system. Moreover, most relevant APIs are problematic. The only secure comprehensive solution is to refrain from creating temporary files in shared directories.
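The four requirements above, applied in a directory that only the current user can access, as an added example that is not code from the original page. It assumes a POSIX file system; the class name, method names and the directory under `user.home` are hypothetical, and the ancestors of that directory still need a check such as `isSecureDir`.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class PrivateTempFile {                       // hypothetical class name
    static FileAttribute<Set<PosixFilePermission>> mode(String rwx) {
        return PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(rwx));
    }

    // Returns true if the temporary file no longer exists after use.
    static boolean useScratchFile(Path privateDir, byte[] data) throws IOException {
        // A directory that already exists keeps its old mode, so verify it
        // instead of trusting the create call. NOFOLLOW_LINKS makes a symbolic
        // link in place of the directory fail the comparison as well.
        Files.createDirectories(privateDir, mode("rwx------"));
        Set<PosixFilePermission> perms =
            Files.getPosixFilePermissions(privateDir, LinkOption.NOFOLLOW_LINKS);
        if (!perms.equals(PosixFilePermissions.fromString("rwx------"))) {
            throw new IOException("not an owner-only directory: " + privateDir);
        }
        // createTempFile generates the name and creates the file in one step,
        // with owner-only permissions set at creation time.
        Path tmp = Files.createTempFile(privateDir, "scratch-", ".tmp", mode("rw-------"));
        try (FileChannel ch = FileChannel.open(tmp,
                StandardOpenOption.READ, StandardOpenOption.WRITE,
                StandardOpenOption.DELETE_ON_CLOSE, LinkOption.NOFOLLOW_LINKS)) {
            ch.write(ByteBuffer.wrap(data));
            ByteBuffer back = ByteBuffer.allocate(data.length);
            ch.read(back, 0);                        // read back from offset 0
        } finally {
            // DELETE_ON_CLOSE is best effort; this also covers a failed open.
            Files.deleteIfExists(tmp);
        }
        return Files.notExists(tmp, LinkOption.NOFOLLOW_LINKS);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample directory and data.
        Path dir = Paths.get(System.getProperty("user.home"), ".example-app-tmp");
        byte[] data = "constructed sample".getBytes(StandardCharsets.UTF_8);
        System.out.println("removed after use: " + useScratchFile(dir, data));
    }
}
```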
...
```java
import java.io.IOException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.UserPrincipal;
import java.nio.file.attribute.UserPrincipalLookupService;
import java.util.Set;

public final class SecureDirCheck { // enclosing class name is illustrative

  public static boolean isSecureDir(Path file) {
    if (!Files.isDirectory(file)) {
      return false;
    }
    if (!file.isAbsolute()) {
      file = file.toAbsolutePath();
    }

    // If any parent dirs (from root on down) are not secure, dir is not secure
    for (int i = 1; i <= file.getNameCount(); i++) {
      Path partialPath = Paths.get(file.getRoot().toString(),
                                   file.subpath(0, i).toString());

      try {
        if (Files.isSymbolicLink(partialPath)) {
          // A relative link target is relative to the link's own directory,
          // not to the current working directory
          Path target = partialPath.resolveSibling(
              Files.readSymbolicLink(partialPath));
          if (!isSecureDir(target)) {
            // Symbolic link, linked-to dir not secure
            return false;
          }
        } else {
          FileSystem fileSystem = partialPath.getFileSystem();
          UserPrincipalLookupService upls =
              fileSystem.getUserPrincipalLookupService();
          UserPrincipal root = upls.lookupPrincipalByName("root");
          UserPrincipal user = upls.lookupPrincipalByName(
              System.getProperty("user.name"));
          UserPrincipal owner = Files.getOwner(partialPath);
          if (!owner.equals(user) && !owner.equals(root)) {
            // dir owned by someone else, not secure
            return false;
          }

          PosixFileAttributes attr = Files.readAttributes(
              partialPath, PosixFileAttributes.class);
          Set<PosixFilePermission> perms = attr.permissions();
          if (perms.contains(PosixFilePermission.GROUP_WRITE)
              || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
            // someone else can write files, not secure
            return false;
          }
        }
      } catch (IOException x) {
        // Treat any lookup or attribute failure as "not secure"
        return false;
      }
    }

    return true;
  }
}
```
...
Related Vulnerabilities
Other Languages
...
Related Guidelines
...
| CWE ID 377 "Insecure Temporary File" |
...
| [MITRE 2009] | [CWE ID 459](http://cwe.mitre.org/data/definitions/459.html) "Incomplete Cleanup" |
...