CAPEC-132

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: High
Symlink Attack

Description

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

Prerequisites

The targeted application must perform the desired activities on a file without checking whether the file is a symbolic link or not. The adversary must be able to predict the name of the file the target application is modifying and be able to create a new symbolic link where that file would appear.

Mitigations

Design: Check for the existence of files to be created, if in existence verify they are neither symlinks nor hard links before opening them.

Implementation: Use randomly generated file names for temporary files. Give the files restrictive permissions.

Skills Required

[Low] To create symlinks

[High] To identify the files and create the symlinks during the file operation time window