That’s all we can say right now.
Files should be created with restrictive file permissions to prevent vulnerabilities such as information disclosure and code execution. In particular, any files which may contain confidential information should be set to only permit access by the owning user/service and group (i.e., no world/other access).
POSIX based operating systems utilize a permissions model to protect access to parts of the file system. Every file in the POSIX file system has the following permissions:
Granting permissions to others
can lead to unintended access and modification to files. Discretion should be used when granting write access to files such as configuration files to prevent vulnerabilities, including denial of service and remote code execution.
It is recommended to assign the most restrictive permissions to files and directories.
import os
os.chmod('/etc/passwd', 0o227) # Insecure, read and write permission granted to others
os.chmod('~/.bashrc', 511) # Insecure, write permission granted to others
os.chmod('/etc/hosts', 0o777) # Insecure, write permission granted to group and others
import os
os.chmod('/etc/passwd', 0o664)
os.chmod('~/.bashrc', 0o644)
os.chmod('/etc/hosts', 0o700)