Installed file permissions are specified to allow anyone to edit those files during installation.
During the installation process, the software may apply unwanted permissions to directories, files, or other objects, which is called this flaw. As a result, a malicious user may be able to override security requirements that were not intended.
Access control lists (ACLs) differentiate access privileges for distinct users and groups in most current operating systems. A principal (e.g., a process or a threat acting on behalf of a user) works on objects in modern operating systems. Access to these objects (e.g., files, directories, registry keys, etc.) is critical for security measures employed in many operating systems, and permissions enforced on essential components of the operating system can influence system behaviour.
This flaw is usually exploitable only locally. A malicious individual could obtain access to sensitive data, tamper with sensitive data, or wholly compromise the susceptible system.
In Linux, any local user with world-writable access on a setuid/setgid executable can insert malicious content into it and execute arbitrary code with the file's owner's privileges.
Any application that can be writable by an unauthorized user is a security risk. This is because it can be exploited to elevate privileges on the system, such as if a malicious and unprivileged user updated it before being executed by a privileged one.
According to the architecture, only users who genuinely require those operations should have access to and modify file attributes.
Users and groups should appropriately manage ownership of files and folders. For example, allowing unwanted groups access to protected information is never good.
During installation, keep note of software's permissions for directories, files, and registry keys.
Never allow apps to give executable files world-readable permissions, especially in the system PATH environment variable or any other default search path, such as Windows, Windows/system32 directories, etc.