SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 36

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files.

Non-compliant Code Example 1

...

Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities; for instance, CVE-2006-1174.

Code Block
bgColor#FFCCCC

...
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
  /* Handle Error */
}
...

Compliant Code Solution 1 (POSIX)

Access permissions for the newly created file should be specified in the call to open().

Code Block
bgColor#ccccff

...
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1){
  /* Handle Error */
}
...

Non-compliant Code Example 2

The fopen() function does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the access permissions for that file will be implementation defined. Note that on POSIX compliant systems the permissions may be influenced by the value of umask().

Code Block
bgColor#FFCCCC
...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
  /* Handle Error */
}
...

Compliant Code Solution

...

1

The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."

Code Block
bgColor#ccccff
...
File *fptr;
errno_t res = fopen_s(&fptr,file_name, "w");
if (res != 0) {
  /* Handle Error */
}
...

Non-compliant Code Example 2 (POSIX)

Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities; for instance, CVE-2006-1174.

Code Block
bgColor#FFCCCC

...
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
  /* Handle Error */
}
...

Compliant Code Solution 2 (POSIX)

Access permissions for the newly created file should be specified in the call to open().

Code Block
bgColor#ccccff

...
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1){
  /* Handle Error */
}
...

...