Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files.
Non-compliant Code Example 1 (POSIX)
Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities; for instance, CVE-2006-1174.
| Code Block | ||
|---|---|---|
| ||
...
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
/* Handle Error */
}
...
|
Compliant Code Solution 1 (POSIX)
Access permissions for the newly created file should be specified in the call to open().
...