...
The fopen() function does not allow the programmer to explicitly specify file access permissions. In this noncompliant code example, if the call to fopen() creates a new file, the access permissions are implementation-defined.
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
FILE *fp;
/* initialize file_name */
fp = fopen(file_name, "w");
if (!fp){
/* Handle error */
}
|
...
The u character can be thought of as standing for "umask," meaning that these are the same permissions that the file would have been created with had it been created by fopen(). In this compliant solution, the u mode character is omitted so that the file is opened with restricted privileges (regardless of the umask).
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
FILE *fp;
/* initialize file_name */
errno_t res = fopen_s(&fp, file_name, "w");
if (res != 0) {
/* Handle error */
}
|
...
Using the POSIX open() function to create a file, but failing to provide access permissions for that file, may cause the file to be created with overly permissive access permissions. This omission has been known to lead to vulnerabilities, for example, CVE-2006-1174.
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
int fd;
/* initialize file_name */
fd = open(file_name, O_CREAT | O_WRONLY);
/* access permissions were missing */
if (fd == -1){
/* Handle error */
}
|
...
Access permissions for the newly created file should be specified in the third argument to open(). Again, the permissions are modified by the value of umask().
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
int file_access_permissions;
/* initialize file_name and file_access_permissions */
int fd = open(
file_name,
O_CREAT | O_WRONLY,
file_access_permissions
);
if (fd == -1){
/* Handle error */
}
|
...