...
Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities; for instance, CVE-2006-1174.
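The omission described above next to one way to avoid it, as an added example that is not part of the original rule text. The helper names `create_private_file` and `file_mode_bits` and the demo path are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Form the text warns about, kept as a comment: with O_CREAT and no third
 * argument the mode is taken from an indeterminate value.
 *     int fd = open(file_name, O_CREAT | O_WRONLY);
 */

/* Create file_name for writing, readable and writable by the owner only.
 * Returns an open descriptor, or -1 on failure (hypothetical helper). */
int create_private_file(const char *file_name) {
  /* O_EXCL makes the call fail if the name already exists, so an existing
   * file's (possibly looser) permissions are never silently reused. */
  int fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
  if (fd == -1) {
    return -1;
  }
  /* umask can only clear bits from the requested mode; confirm on the open
   * descriptor that no group/other access was granted. */
  struct stat st;
  if (fstat(fd, &st) == -1 || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
    close(fd);
    unlink(file_name);
    return -1;
  }
  return fd;
}

/* Permission bits of path as an int (e.g. 0600), or -1 if stat() fails. */
int file_mode_bits(const char *path) {
  struct stat st;
  return stat(path, &st) == -1 ? -1 : (int)(st.st_mode & 07777);
}

int main(void) {
  char path[64]; /* constructed demo path */
  snprintf(path, sizeof path, "/tmp/private_demo_%ld", (long)getpid());
  int fd = create_private_file(path);
  if (fd == -1) {
    perror("create_private_file");
    return 1;
  }
  printf("%s created with mode %04o\n", path, (unsigned)file_mode_bits(path));
  close(fd);
  unlink(path);
  return 0;
}
```

Because the mode is passed explicitly, the result is 0600 even under a fully permissive umask, and a second call on the same name fails instead of reopening the existing file.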
...
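```c
/* Annex K functions such as fopen_s() are only declared when this is set */
#define __STDC_WANT_LIB_EXT1__ 1
#include <stdio.h>

/* ... */
FILE *fptr;
errno_t res = fopen_s(&fptr, file_name, "w");
if (res != 0) {
  /* Handle error */
}
/* ... */
```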
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
...
References
- ISO/IEC 9899-1999 Section 7.19.5.3, The fopen function
- Open Group 04 The open function
- ISO/IEC TR 24731-2006 Section 6.5.2.1, The fopen_s function
- CVE-2006-1174