SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 70

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 71

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
  /* Handle Error */
}
...

Implementation Details

Wiki Markup
On POSIX compliant systems the permissions may be restricted by the value of the POSIX {{umask()}} function \[[Open Group 04|AA. C References#Open Group 04]\].

Wiki Markup
The operating system modifies the access permissions by computing the intersection of the inverse of the umask and the permissions requested by the process \[[Viega 03||AA. C References#Viega 03]\]. For example, if the variable {{requested_permissions}} contained the permissions passed to the operating system to create a new file, the variable {{actual_permissions}} would be the actual permissions that the operating system would use to create the file:

...

Code Block
bgColor#ccccff
...
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1){
  /* Handle Error */
}
...

Wiki Markup
John Viega and Matt Messier also provide the following advice \[[Viega 03|AA. C References#Viega 03]\]:

Do not rely on setting the umask to a "secure" value once at the beginning of the program and then calling all file or directory creation functions with overly permissive file modes. Explicitly set the mode of the file at the point of creation. There are two reasons to do this. First, it makes the code clear; your intent concerning permissions is obvious. Second, if an attacker managed to somehow reset the umask between your adjustment of the umask and any of your file creation calls, you could potentially create sensitive files with wide-open permissions.

Risk Assessment

Creating files with weak access permissions may allow unintended access to those files.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO06-A

2 (medium)

1 (unlikely)

2 (medium)

P4

L3

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.5.3, The fopen function

Wiki Markup
\[[Open Group 04|AA. C References#Open Group 04]\] "The open

...

 function," "The umask function"

Wiki Markup
\[[ISO/IEC TR 24731-2006|AA. C References#SO/IEC TR 24731-2006]\] Section

...

6.5.2.1, "The fopen_s function"

Wiki Markup
\[[CVE-2006-1174|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174]\]

Wiki Markup
\[[Viega 03|AA. C References#Viega 03]\] Section 2.7 Restricting Access Permissions for New Files on Unix