...

...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
  /* Handle Error */
}
...

Compliant

...

Solution 1

The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."

...

...
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1){
  /* Handle Error */
}
...

Compliant

...

Solution 2 (POSIX)

Access permissions for the newly created file should be specified in the call to open(). Again, the permissions may be influenced by the value of umask().
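The following added example (not part of the original page) shows how the mode argument to open() combines with the process umask to give the permissions a new file actually receives. The helper names created_mode() and demo_path() are hypothetical, and the /tmp path is constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` with the requested mode under the given umask and return
 * the permission bits the file actually received, or -1 on error.
 * Demonstration helper (hypothetical name): the file is removed again. */
int created_mode(const char *path, mode_t requested, mode_t mask)
{
    struct stat st;
    int result = -1;
    mode_t old_mask = umask(mask);   /* umask is process-wide; restored below */

    /* O_EXCL: fail rather than reuse an existing file, because the mode
     * argument is only applied when the file is created by this call. */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    if (fd != -1) {
        if (fstat(fd, &st) == 0)     /* check the descriptor, not the name */
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    umask(old_mask);
    return result;
}

/* Constructed sample path, unique per process. */
const char *demo_path(void)
{
    static char path[64];
    snprintf(path, sizeof path, "/tmp/perm_demo_%ld", (long)getpid());
    return path;
}

int main(void)
{
    const char *p = demo_path();
    mode_t owner_rw = S_IRUSR | S_IWUSR;   /* 0600 */

    /* Effective permissions are requested & ~umask. */
    printf("0666 under umask 022 -> %04o\n", (unsigned)created_mode(p, 0666, 022));
    printf("0600 under umask 022 -> %04o\n", (unsigned)created_mode(p, owner_rw, 022));
    printf("0666 under umask 077 -> %04o\n", (unsigned)created_mode(p, 0666, 077));
    return 0;
}
```

The umask can only clear bits from the requested mode, so requesting S_IRUSR | S_IWUSR keeps the file owner-only regardless of the caller's umask.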

...

Non-compliant Code Example 3 (Win32)

Compliant

...

Solution 3 (Win32)

Risk Assessment

Creating files without appropriate access permissions may allow unintended access to those files.

...