Linux: Insecure Permissions on Files and Folders #185

Closed
TonyWildish-BH opened this issue Oct 10, 2024 · 1 comment
Labels: bug (Something isn't working), EPIC - Pen-test fixes (Fixing security issues found during penetration testing), MVP (Things that need to be considered for the MVP release)

@TonyWildish-BH
Collaborator

The penetration testing report showed that (page 57):

The Julia programming language was installed in a directory with world-write permissions, enabling low privileged users to tamper with binaries.

The Julia programming language was installed within the /opt directory with permissions that permit any user to modify, read or execute the file, typically achieved by executing a chmod 777 command.

It was also noted that the users were “orphaned”, as the owner of the file no longer existed on the system.

This is a medium level risk, but is something we must fix before the next pen-test.

TonyWildish-BH added the bug, MVP and EPIC - Pen-test fixes labels Oct 10, 2024
@TonyWildish-BH
Collaborator Author

Also check for any other world-writeable directories
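
An audit for the two findings discussed in this issue (world-writable paths and files whose owner no longer exists), added here as an example and not taken from the project or the pen-test report. The function names are hypothetical, and the default root of `/opt` is an assumption based on the directory named in the report.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.
# Usage after sourcing: audit_tree /opt

# List regular files and directories that any user can write to.
# Directories with the sticky bit set (mode 1777, as on /tmp) are skipped:
# there the sticky bit limits delete/rename to the entry's owner.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        ! \( -type d -perm -1000 \) -print 2>/dev/null
}

# List paths whose owning UID or GID has no passwd/group entry
# (the "orphaned" ownership described in the report).
orphaned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Run both checks under a root (assumed default: /opt).
# Returns 0 when nothing is found, 1 otherwise, so it can gate a CI job.
audit_tree() {
    root=${1:-/opt}
    status=0
    ww=$(world_writable "$root")
    orph=$(orphaned "$root")
    if [ -n "$ww" ]; then
        printf 'world-writable:\n%s\n' "$ww"
        status=1
    fi
    if [ -n "$orph" ]; then
        printf 'orphaned owner or group:\n%s\n' "$orph"
        status=1
    fi
    return "$status"
}
```

Each reported path is then typically corrected with `chmod o-w` and, for orphaned entries, `chown` to an existing account such as root.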
