Insecure Preserved Inherited Permissions
Weakness ID: 278 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
+ Time of Introduction
  • Architecture and Design
  • Operation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2005-1724Does not obey specified permissions when exporting.
+ Potential Mitigations

Very carefully manage the setting, management and handling of permissions. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory275Permission Issues
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class732Incorrect Permission Assignment for Critical Resource
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERInsecure preserved inherited permissions
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Back to top