From the course: Threat Modeling: Spoofing In Depth

The nature of "open" and paths

Opening a file, it seems so simple, and often is. I call fd = open("file.txt"), and get back a file descriptor to whatever file.txt happens to be in the current working directory. I hope it's the file I intended, but have little guarantee, and since I'm focused on the identity of the file I'm looking for, I think of these as a type of spoofing attack. I can add checks, I can authenticate the identity of a file. Part of the authenticity of a file is where it's stored. The truth about the Kennedy assassination is a different file when it's at the National Archives versus some conspiracy theory website. And so the question of paths starts to matter a lot. Some paths are in your code, some are supplied by a person using your code. We can be attacked via the path or by the file to which the pathname refers. Paths come from user input, for example, a file selection box, or other code like a web browser. Paths in code or the .h files are usually more trustworthy than those from a local user…
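An added example, not part of the course material: one way to apply the checks described above on a POSIX system, with the directory taken from code and only the file name supplied by the user. The helper name open_trusted, its parameters and the acceptance policy (regular file, expected owner, not writable by group or others) are assumptions chosen for illustration.

```python
import os
import stat
import tempfile


def open_trusted(base_dir, name, expected_uid):
    """Hypothetical helper: open `name` inside `base_dir`, verify what was
    opened, and return a read-only descriptor (raises OSError on failure)."""
    # Accept a single path component only, so the caller-supplied part
    # cannot climb out of base_dir with "../" or name another directory.
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise PermissionError("name must be a bare file name")

    # Pin the directory first: the lookup no longer depends on whatever
    # the current working directory happens to be.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW refuses a symlink as the final component;
        # O_NONBLOCK keeps a planted FIFO from hanging the open.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
    finally:
        os.close(dir_fd)

    # Check the descriptor, not the path: fstat describes the file we
    # hold, even if the name is re-pointed after the open.
    st = os.fstat(fd)
    if (not stat.S_ISREG(st.st_mode)
            or st.st_uid != expected_uid
            or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)):
        os.close(fd)
        raise PermissionError("unexpected type, owner or permissions")
    return fd


if __name__ == "__main__":
    # Constructed sample: a private file and a symlink pointing at it.
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "file.txt"), "w") as f:
        f.write("data")
    os.chmod(os.path.join(d, "file.txt"), 0o600)
    os.symlink("file.txt", os.path.join(d, "link.txt"))
    for candidate in ("file.txt", "link.txt", "../file.txt"):
        try:
            os.close(open_trusted(d, candidate, os.getuid()))
            print(candidate, "-> accepted")
        except OSError as exc:
            print(candidate, "-> rejected:", exc)
```

The directory argument is treated as trusted here, matching the distinction between paths in code and paths from a user; a user-supplied directory would need its own checks.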
