Restrict service root directory
Summary
The service process must have a root directory with access only to the necessary files.
Description
By restricting the service process to a specific root directory, the system can prevent unauthorized access to critical system files or confidential data. This is particularly important in environments where multiple services or applications run concurrently, each of them requiring its own isolated space. This helps to maintain the consistency of the system by preventing unintended modifications or deletions of critical files.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CAPEC™-122. Privilege abuse
- Agile Alliance-11. Best architectures, requirements, and designs
- CERT-J-FIO00-J. Do not operate on files in shared directories
- MITRE ATT&CK®-M1022. Restrict file and directory permissions
- SANS 25-8. Improper limitation of a pathname to a restricted directory (path traversal)
- HITRUST CSF-01_v. Information access restriction
- CWE TOP 25-22. Improper limitation of a pathname to a restricted directory (path traversal)
Vulnerabilities
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.