...
```c
...
int fd = open(file_name, O_CREAT | O_WRONLY); /* mode is missing */
if (fd == -1){
  /* Handle Error */
}
...
```
Compliant Code Solution 1
The third argument to open() should be present to specify the access permissions for the newly created file.
```c
...
int fd = open(file_name, O_CREAT | O_WRONLY, file_mode);
if (fd == -1){
  /* Handle Error */
}
...
```
...
The C standard function fopen() does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the default access permissions will be implementation specific.
```c
...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
  /* Handle Error */
}
...
```
Compliant Code Solution 2
The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."
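```c
...
FILE * fptr;
/* fopen_s() stores the stream through its first argument and
   returns zero on success, nonzero on failure. */
errno_t res = fopen_s(&fptr, file_name, "w");
if (res != 0) {
  /* Handle Error */
}
...
```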
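On POSIX systems, open() with an explicit mode can be combined with fdopen() to obtain a stdio stream whose file was created with known permissions. The following is an added example, not part of the original page; the helper names create_private_stream and permission_bits and the sample path are assumptions, and the O_EXCL flag and fstat() check go beyond the page's snippets.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not from the original page: create file_name with at
 * most the permissions in file_mode and return a stdio stream, or NULL. */
FILE *create_private_stream(const char *file_name, mode_t file_mode) {
    /* O_EXCL fails if the file exists; open() ignores the mode argument for
     * an existing file, so its old permissions would otherwise be kept. */
    int fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, file_mode);
    if (fd == -1) {
        return NULL;
    }
    /* The umask can only clear bits of file_mode. Confirm nothing beyond
     * file_mode is set before any data is written. */
    struct stat st;
    FILE *fptr = NULL;
    if (fstat(fd, &st) == 0 && (st.st_mode & 0777 & ~file_mode) == 0) {
        fptr = fdopen(fd, "w"); /* wrap the descriptor for stdio */
    }
    if (fptr == NULL) {
        close(fd);
        unlink(file_name);
    }
    return fptr;
}

/* Permission bits of file_name, or -1 on error. */
int permission_bits(const char *file_name) {
    struct stat st;
    return stat(file_name, &st) == -1 ? -1 : (int)(st.st_mode & 0777);
}

int main(void) {
    const char *path = "example_private.txt"; /* constructed sample path */
    FILE *fptr = create_private_stream(path, S_IRUSR | S_IWUSR);
    if (fptr == NULL) {
        perror("create_private_stream");
        return 1;
    }
    fputs("sample data\n", fptr);
    fclose(fptr);
    printf("%s mode: %o\n", path, (unsigned)permission_bits(path));
    unlink(path);
    return 0;
}
```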
References
- ISO/IEC 9899-1999 Section 7.19.5.3, The fopen function
- Open Group 04 The open function
- ISO/IEC TR 24731-2006 Section 6.5.2.1, The fopen_s function
- CVE Ref CVE-2006-1174