Creating a file with weak access permissions may allow unintended access to that file. Although access permissions are heavily dependent on the file system, many file-creation functions provide mechanisms to set (or at least influence) access permissions. When these functions are used to create files, appropriate access permissions should be specified to prevent unintended access.
...
Implementation Details
| Wiki Markup |
|---|
On POSIX -compliant systems, the permissions may be restricted by the value of the POSIX {{umask()}} function \[[Open Group 04|AA. C References#Open Group 04]\]. |
...
For OpenBSD and Linux operating systems, any created files will have mode S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH (0666), as modified by the process's umask value. (see fopen(3)).
...
| Wiki Markup |
|---|
The {{fopen_s()}} function defined in ISO/IEC TR 24731-1 \[[ISO/IEC TR 24731-1-2007|AA. C References#ISO/IEC TR 24731-1-2007]\] can be used to create a file with restricted permissions. Specifically, ISO/IEC TR 24731-1 states: |
If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file. If the file is being created and the first character of the mode string is 'u', then by the time the file has been closed, it shall have the system default file access permissions.
...
Using the POSIX function open() to create a file, but failing to provide access permissions for that file, may cause the file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).
...