SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 135

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 136

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The fopen() function does not allow the programmer to explicitly specify file access permissions. In this noncompliant code example, if the call to fopen() creates a new file, the access permissions are implementation-defined.:

Code Block
bgColor#FFCCCC
langc
char *file_name;
FILE *fp;

/* initialize file_name */

fp = fopen(file_name, "w");
if (!fp){
  /* Handle error */
}

...

The u character can be thought of as standing for "umask," meaning that these are the same permissions that the file would have been created with had it been created by fopen(). In this compliant solution, the u mode character is omitted so that the file is opened with restricted privileges (regardless of the umask).:

Code Block
bgColor#ccccff
langc
char *file_name;
FILE *fp;

/* Initialize file_name */

errno_t res = fopen_s(&fp, file_name, "wx");
if (res != 0) {
  /* Handle error */
}

...

Using the POSIX open() function to create a file but failing to provide access permissions for that file may cause the file to be created with overly permissive access permissions. This omission has been known to lead to vulnerabilities, for vulnerabilities—for example, CVE-2006-1174.

Code Block
bgColor#FFCCCC
langc
char *file_name;
int fd;

/* initialize file_name */

fd = open(file_name, O_CREAT | O_WRONLY);
/* access permissions were missing */

if (fd == -1){
  /* Handle error */
}

...

CERT C++ Secure Coding StandardFIO06-CPP. Create files with appropriate access permissions
CERT Oracle Secure Coding Standard for JavaFIO01-J. Create files with appropriate access permissions[ISO/IEC 9899:2011]Annex K.3.5.2.1, "The fopen_s Function"
ISO/IEC TR 24772:2013Missing or Inconsistent Access Control [XZN]
MITRE CWECWE-276, Insecure default permissions
CWE-279, Insecure execution-assigned permissions
CWE-732, Incorrect permission assignment for critical resource

...

[CVE] 
[Dowd 2006]Chapter 9, "UNIX 1: Privileges and Files"
[ISO/IEC 9899:2011]Annex K.3.5.2.1, "The fopen_s Function"
[OpenBSD] 
[Open Group 2004]"The open Function"
"The umask Function"
[Viega 2003]Section 2.7, "Restricting Access Permissions for New Files on UNIX"

...