Monday, November 17, 2014

Principle of Least Privilege

What is the "Principle of Least Privilege"? It's the idea of only giving people access to what they need. It commonly comes up when talking about directories and file permissions, but it can apply to much more than that.

When was the last time you received a letter? As in a physical letter, sent to you in the mail (I know, it's been a while). If you dig one out and look at the "to" address, you'll probably see several pieces of information:

  1. <First Name> <Last Name>
  2. <Street Number> <Street Name>
  3. <Apartment>
  4. <City> <State>, <Zip Code>

Now here's a question, what parts of the address are necessary for the letter to arrive? You can debate parts of lines 2 - 4, but line 1 is clearly extraneous. It doesn't help the postal service deliver the letter. It does violate the principle of least privilege. The person delivering the letter now knows your name, they know the sender knows your name, and they probably know the name of the sender. Not the end of the world, but your network infrastructure might be quietly leaking similar information.

One easy place to look is at the web server header response using an nmap script. If you run this on your web server and get back accurate information about your webserver, it's leaking some information it doesn't need to. A good article on disabling this on Apache can be found here.