Questions tagged [file-access]

143 questions
1 vote, 1 answer

Protecting the root ca bundle

Applications (e.g. Firefox) often include a root ca bundle file containing trusted certificates. How can I protect those files from malicious agents trying to modify them? I think signing is not an option because they could also replace the public…
fbbdev • 113 • 2
1 vote, 2 answers

How to securely transfer a file between servers?

Let's say I have two Linux servers. One containing a desktop app database (running on a local network) and a webserver. I want to automatically transfer each hour a database file (with a size of a few MB) from the local server to the web server to…
1 vote, 1 answer

Force download files protected with auth headers

Several REST clients send the credentials with every request through custom HTTP authorization headers to the REST service. Is there a way to force a file download in the browser when accessing files stored in the REST service, is protected…
inf3rno • 487 • 1 • 7 • 19
1 vote, 1 answer

Installing Joomla with nobody:nobody user/group (CentOS/cPanel)

If you are installing Joomla via cPanel's File Manager to your mywebsite.com (user mywebsite) account, you will upload the package to your server and extract the archive. All files will have the user and group according to your account…
Yatko • 111 • 2
1 vote, 1 answer

Disadvantages of a single administrator checking all file permissions

What would be the security disadvantages of a single administrator checking every file permission in a network of computers? Obviously this is a theoretical question. I'm thinking that the fact that one entity has control over every file in the…
Milk • 111 • 2
1 vote, 1 answer

Securing Downloadable Files on Website Per User

I have an ASP.NET website serving up private PDF documents. The PDFs are stored unencrypted on a share on the internal network. The user logs in and navigates to the download page. The web server validates that the user has access to the file, loads…
John • 45 • 4
1 vote, 2 answers

Per-transfer authorization of file transfers on a per transaction basis

In my organization, users have the rights to transfer files to and from servers using SSH File Transfer protocol for a variety of reasons; e.g. application troubleshooting, BAU, etc. Although our servers are configured with logging to keep track of…
JasperM • 11 • 1
1 vote, 2 answers

Safely generate a non-log file within an application server

How does one go about safely writing a temporary file to a location within an application server that is publicly accessible?
Woot4Moo • 889 • 6 • 10
1 vote, 1 answer

Does adding a randomized string in an S3 file path have equal security to a Google Drive shared link?

I would like to use an AWS S3 bucket to store my IoT firmware file and allow all of my IoT devices to access it to update the firmware to the latest version. I want the firmware file in the S3 bucket to be secret to only me and my devices. But I…
1 vote, 1 answer

Generate C File Stream Object on remote machine without fopen()

Let's say we have an elf a and a textfile a.txt in the same directory. The a elf is a program that is remotely accessible/executable. In addition, a contains the instruction fgets(buf,len,stdin); and a remote attacker manages to get full control…
1 vote, 1 answer

Host filesystem manipulation from docker vs. virtual machine

When reading about docker, I found a part of the documentation describing the attack surface of the docker daemon. From what I was able to understand, part of the argument is that it is possible to share (basically arbitrary) parts of the host…
1 vote, 1 answer

Secure File Replication between LAN and DMZ

Our support staff established a remote access connection from jumphosts that are isolated within a DMZ. To provide support they need project files (up to a few GB in size) which are stored on a file server within our LAN. Currently, the transfer is…
gumlozol • 21 • 2
1 vote, 0 answers

How is mkdir subject to a TOCTOU attack?

My answer here resulted in this comment: This could be subject to a TOCTOU1 attack and needs to be developed to be correct. The answer is in Rust, but here's some equivalent bash: p=/home/roger/foo/bar/baz.txt d=$(dirname $p) mkdir -p $d # ...and…
Roger Lipscombe • 2,307 • 3 • 14 • 20
1 vote, 1 answer

Can script steal sensitive data in home directory on Linux and is SELinux optimal way/tool to prevent it

The premise: on a Linux workstation I regularly download and use various software, let's say Perl or Nodejs modules. When I use them they run on the machine with me as the owner and can do whatever I can in my home directory, so they can access and…
Dmitry Koroliov • 281 • 1 • 7
1 vote, 2 answers

Tomcat application arbitrary file read exploitation

In a recent black-box pen-test of a webapp hosted on CentOS, I found a vulnerability that allowed me to grab the contents of files (a kind of file inclusion) located within the home path of Tomcat. In a classic scenario, I tried to read /etc/passwd but…