Skip to content

Golang Misconfigured Directory Creation Permissions

What does this mean ?

Misconfigured directory permissions that allows attackers to modify/alter the content

What can happen ?

When the directory is created with insufficient permissions, this will allow attackers to access sensitive areas of your application, making it easy for the threat actors to (create and alter) directories.

Recommendation

Do not use insufficient file permissions when creating a directory. Directory permission should be 0750 or less while making it.

The architecture needs to access and modify attributes for files to only those users who require those actions.

Compartmentalize the system to have "safe" locations/paths. Do not allow sensitive data to go outside the trusted boundary, and always be careful when interfacing with a compartment outside the safe location/path.

References