362 handle.write(self.get_content(find_command(command)))
363
364 if not os.access(filename, os.X_OK):
365 os.chmod(filename, 0o755) # noqa: S103, nosec366
367
368SSH_WRAPPER = SSHWrapper()
20
def enable(self) -> None:
    """Create a temporary directory, record it in the options, then enable.

    The new path is kept in ``self._tempdir`` and written to
    ``self.options[self._setting]`` before the parent ``enable()`` runs.
    """
    tempdir = self._tempdir = tempfile.mkdtemp()
    # mkdtemp() creates the directory accessible only to the creating user.
    # The chmod widens it to 0o755: group and others gain read and search,
    # write stays with the owner. The S103/nosec markers suppress the
    # permissive-mode finding; presumably another account must be able to
    # read this directory (confirm), so nothing confidential belongs in it.
    os.chmod(tempdir, 0o755)  # noqa: S103, nosec
    self.options[self._setting] = tempdir
    super().enable()
26
132 # Create temporary working dir
133 workdir = tempfile.mkdtemp(dir=project.full_path)
134 # Make the temporary directory readable by others
135 os.chmod(workdir, 0o755) # noqa: S103, nosec136
137 # Initialize git repository
138 self.logger.info("Cloning git repository...")
Files should be created with restrictive file permissions to prevent vulnerabilities such as information disclosure and code execution. In particular, any files which may contain confidential information should be set to only permit access by the owning user/service and group (i.e., no world/other access).
POSIX-based operating systems use a permissions model to protect access to parts of the file system. Every file in a POSIX file system carries read, write and execute permissions for each of three classes: the owning user, the owning group, and others (everyone else).
Granting permissions to `others` can lead to unintended access to, and modification of, files. Use discretion when granting write access to files such as configuration files, to prevent vulnerabilities including denial of service and remote code execution.
It is recommended to assign the most restrictive permissions to files and directories.
import os
# Non-compliant examples: every mode below grants write access beyond the owner.
os.chmod('/etc/passwd', 0o227) # Insecure: 0o227 is -w--w-rwx, so others get read, write and execute, and group gets write
# NOTE: os.chmod() does not expand '~'; a real call would need os.path.expanduser().
os.chmod('~/.bashrc', 511) # Insecure: decimal 511 equals 0o777, so group and others get write; a decimal mode is easy to miss in review
os.chmod('/etc/hosts', 0o777) # Insecure, write permission granted to group and others
import os
# Compliant examples: none of these modes grants write access to others.
os.chmod('/etc/passwd', 0o664) # rw-rw-r--: others can only read, but the file is still group-writable; 0o644 is the usual mode for it
# NOTE: os.chmod() does not expand '~'; a real call would need os.path.expanduser().
os.chmod('~/.bashrc', 0o644) # rw-r--r--: only the owner can write
os.chmod('/etc/hosts', 0o700) # rwx------: no group or other access; NOTE(review): sets an execute bit a data file does not need and drops the read access other accounts normally have on this file - confirm intended