...
Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created unintended access permissions. Neglecting to properly specify file access permissions when using open() has been known to lead to vulnerabilities; for instance, CVE-2006-1174.
| Code Block |
|---|
...
int fd = open(file_name, O_CREAT | O_WRONLY); /* mode is missing */
if (fd == -1){
/* Handle Error */
}
...
|
...
- ISO/IEC 9899-1999 Section 7.19.5.3, The fopen function
- Open Group 04 The open function
- ISO/IEC TR 24731-2006 Section 6.5.2.1, The fopen_s function
- CVE Ref CVE-2006-1174