SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 132

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 133

changes.mady.by.user John Benito

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For OpenBSD and Linux operating systems, any file created will have mode S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH (0666), as modified by the process's umask value. (See fopen(3) in the OpenBSD Manual Pages [OpenBSD].)

Compliant Solution (fopen_s(),

...

C11 Annex K)

The ISO/IEC TR 24731-1 C11 Annex K function fopen_s() can be used to create a file with restricted permissions [ISO/IEC TR 24731-1:20079899:2011]:

If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file. If the file is being created and the first character of the mode string is 'u', then by the time the file has been closed, it shall have the system default file access permissions.

...

Code Block
bgColor#ccccff
langc
char *file_name;
FILE *fp;

/* Initialize file_name */

errno_t res = fopen_s(&fp, file_name, "wwx");
if (res != 0) {
  /* Handle error */
}

...

CERT C++ Secure Coding StandardFIO06-CPP. Create files with appropriate access permissions
CERT Oracle Secure Coding Standard for JavaFIO01-J. Create files with appropriate access permissions
[ISO/IEC TR 24731-1:20079899:2011]Annex K.3Section 6.5.2.1, "The The fopen_s Function Function"
ISO/IEC TR 24772:2013Missing or Inconsistent Access Control [XZN]
MITRE CWECWE-276, Insecure default permissions
CWE-279, Insecure execution-assigned permissions
CWE-732, Incorrect permission assignment for critical resource

...