280 – Restrict service root directory
Summary
The service process must have a root directory with access only to the necessary files.
Description
By restricting the service process to a specific root directory, the system can prevent unauthorized access to critical system files or confidential data. This is particularly important in environments where multiple services or applications run concurrently, each of which requires its own isolated space. It also helps to maintain the integrity of the system by preventing unintended modification or deletion of critical files.
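One way to meet this requirement on a Linux host is to confine the service with systemd's `RootDirectory=` directive, so the process sees only its own filesystem tree. The unit below is an added example, not part of the original page: the service name `reportd`, the tree `/srv/reportd` (assumed to already contain the binary and the libraries it links against) and the data directory `/var/lib/reportd` are assumptions. The weak form, shown as comments, runs the service with the host filesystem as its root; the hardened form pivots the root and binds in only what the service needs.

```ini
# Added example (not from the original page): systemd unit confining the
# service process to its own root directory. Names and paths are assumptions.
#
# Weak form: the process shares the host's root and can read any file that
# the user "reportd" has permission to open.
#   [Service]
#   User=reportd
#   ExecStart=/usr/local/bin/reportd
#
# Hardened form:
[Unit]
Description=Report service confined to /srv/reportd

[Service]
User=reportd
Group=reportd
# Pivot the process root to the service's own tree before ExecStart runs.
# /srv/reportd is assumed to hold bin/reportd and the libraries it needs.
RootDirectory=/srv/reportd
# Mount only the host paths the service requires inside the new root,
# read-only where possible (CA bundle for outbound TLS, as an assumption).
BindReadOnlyPaths=/etc/ssl/certs
# The one writable location, mapped to /data inside the new root.
BindPaths=/var/lib/reportd:/data
# No view of other users' home directories; private /tmp; no privilege escalation.
ProtectHome=yes
PrivateTmp=yes
NoNewPrivileges=yes
# Command paths are interpreted relative to the new root.
ExecStart=/bin/reportd
WorkingDirectory=/data

[Install]
WantedBy=multi-user.target
```

To check that the confinement took effect, inspect the running process's root: `ls -l /proc/$(systemctl show -p MainPID --value reportd)/root` should point at `/srv/reportd`, and `systemd-analyze security reportd` reports whether `RootDirectory=` and the related sandboxing directives are set. Any file the service needs that is missing from the tree will surface as an `ENOENT` at start-up, which is the expected failure mode of a correctly restricted root.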
Supported In
Advanced: True
References
- CAPEC-122. Privilege abuse
- AGILE-11. Best architectures, requirements, and designs
- CERTJ-FIO00-J. Do not operate on files in shared directories
- MITRE-M1022. Restrict file and directory permissions
- SANS25-8. Improper limitation of a pathname to a restricted directory (path traversal)
- HITRUST-01_v. Information access restriction
- CWE25-22. Improper limitation of a pathname to a restricted directory (path traversal)
Weaknesses
Last updated
2024/02/05