UNIX Hard Link
Weakness ID: 62 (Weakness Variant)
Status: Incomplete
+ Description

Description Summary

When opening a file or directory, the software does not sufficiently account for the case where the name is a hard link to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Extended Description

Failing to check for hard links can leave a system vulnerable to several types of attack. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

Operating Systems

UNIX

+ Observed Examples
Reference | Description
CVE-2001-1494 | Hard link attack, file overwrite; interesting because program checks against soft links
CVE-2002-0793 |
CVE-2003-0578 |
CVE-1999-0783 |
CVE-2004-1603 |
CVE-2004-1901 |
CVE-2005-1111 | Hard link race condition
BUGTRAQ:20030203 ASA-0001 | OpenBSD chpass/chfn/chsh file content leak
+ Potential Mitigations

Follow the principle of least privilege when assigning access rights to files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
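
A complementary code-level check, shown here as an added example that is not part of the CWE entry: it opens the file, then uses `fstat()` on the descriptor to refuse anything that is not a regular file with a link count of exactly one, in the spirit of the FIO05-C mapping listed under Taxonomy Mappings. The function names `open_single_link()` and `demo_hard_link_check()` and the `/tmp/cwe62-XXXXXX` paths are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the CWE entry): open `path` only if it is a
 * regular file with one name. O_NOFOLLOW rejects symlinks only; fstat() on the
 * descriptor checks the very object that is later used. Returns fd or -1. */
int open_single_link(const char *path, int flags)
{
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW | O_NONBLOCK); /* no FIFO hang */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);   /* not a regular file, or another name reaches this inode */
        return -1;
    }
    return fd;
}

/* Exercises the helper on constructed files in a fresh temp directory.
 * Returns 0 if the check behaves, 1 if it does not, -1 on setup failure. */
int demo_hard_link_check(void)
{
    char dir[] = "/tmp/cwe62-XXXXXX", a[64], b[64];
    int fd, lone, fa, fb, rc = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/data", dir);
    snprintf(b, sizeof b, "%s/alias", dir);
    fd = open(a, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0) {
        close(fd);
        lone = open_single_link(a, O_RDONLY);      /* st_nlink == 1: accepted */
        if (lone >= 0) close(lone);
        if (link(a, b) == 0) {                     /* st_nlink == 2 from here */
            fa = open_single_link(a, O_RDONLY);    /* original name: refused */
            fb = open_single_link(b, O_RDONLY);    /* hard-link name: refused */
            rc = (lone >= 0 && fa < 0 && fb < 0) ? 0 : 1;
            if (fa >= 0) close(fa);
            if (fb >= 0) close(fb);
            unlink(b);
        }
        unlink(a);
    }
    rmdir(dir);
    return rc;
}
```

A link count of one does not prove that the file is the intended one, so this check supplements restrictive permissions on the containing directory rather than replacing them.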

+ Weakness Ordinalities
Ordinality | Description
Resultant | (where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Base | 59 | Improper Link Resolution Before File Access ('Link Following') | Research Concepts (primary) 1000
ChildOf | Category | 60 | UNIX Path Link Problems | Resource-specific Weaknesses (primary) 631; Development Concepts (primary) 699
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
PeerOf | Weakness Variant | 71 | Apple '.DS_Store' | Research Concepts 1000
+ Research Gaps

Under-studied. It is likely that programs that check for symbolic links could be vulnerable to hard links.

+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | UNIX hard link
CERT C Secure Coding | FIO05-C | | Identify files using multiple file attributes
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Applicable Platforms, Relationships, Taxonomy Mappings, Weakness Ordinalities
2008-10-14 | CWE Content Team | MITRE | Internal
  updated Description
2008-11-24 | CWE Content Team | MITRE | Internal
  updated Relationships, Taxonomy Mappings