Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files. File permissions are heavily dependent on the underlying operating system. This recommendation offers three examples of how to specify access permissions for newly created files using standard C and POSIX functions.
Non-compliant Code Example
The fopen() function does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the access permissions for that file will be implementation-defined. Note that on POSIX-compliant systems the permissions may be influenced by the value of umask(). More information on umask() is available in the POSIX specification.
```c
FILE *fptr = fopen(file_name, "w");
if (!fptr) {
  /* Handle error */
}
```
Compliant Solution
The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."
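The following is an added example, not code from the recommendation itself. Because fopen_s() is not available on every toolchain (glibc, for instance, does not implement it), it uses the POSIX open() call to request an explicit owner-only mode, shows how the requested bits interact with the process umask, verifies the resulting permissions with fstat(), and, for code that must stay with fopen(), temporarily tightens umask() as the page notes is the only lever on POSIX systems. The file path under /tmp and all function names are assumptions chosen for this example.

```c
/* Added example (not the recommendation's own code): creating a file with
 * explicit POSIX permissions and verifying what actually landed on disk. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` readable and writable by the owner only (0600).
 * O_EXCL makes the call fail with EEXIST if the path already exists, so a
 * pre-existing file or symlink at that name is never silently reused.
 * Returns an open descriptor, or -1 with errno set. */
int create_private_file(const char *path) {
    const mode_t owner_only = S_IRUSR | S_IWUSR; /* 0600 */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, owner_only);
}

/* Wrap the descriptor in a stdio stream so the rest of the program can keep
 * using fprintf() etc. Returns NULL (and closes fd) on failure. */
FILE *stream_from_fd(int fd) {
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        close(fd);
    }
    return fp;
}

/* Check via fstat() that the file carries no group or other permission bits.
 * Returns 1 if private, 0 if not, -1 on error. */
int file_is_private(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) {
        return -1;
    }
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 ? 1 : 0;
}

/* The mode passed to open() is masked by the process umask: the bits that
 * end up on the file are (requested & ~umask). This helper computes that
 * value without touching the real process umask. */
mode_t effective_mode(mode_t requested, mode_t mask) {
    return requested & ~mask & 0777;
}

/* fopen() has no mode parameter, so on POSIX the only way to influence the
 * permissions of a file it creates is umask(). Tightening it to 077 for the
 * duration of the call yields an owner-only file; the old value is restored
 * afterwards. umask() is process-wide, so this is not thread-safe.
 * Returns 0 on success, -1 on failure. */
int fopen_private_via_umask(const char *path) {
    mode_t old = umask(S_IRWXG | S_IRWXO); /* 077 */
    FILE *fp = fopen(path, "w");
    umask(old);
    if (fp == NULL) {
        return -1;
    }
    fclose(fp);
    return 0;
}

int main(void) {
    char path[64];
    /* Constructed path for demonstration; a real program would use its own. */
    snprintf(path, sizeof path, "/tmp/fio06_example_%ld", (long)getpid());

    int fd = create_private_file(path);
    if (fd < 0) {
        perror("open");
        return 1;
    }
    printf("file is private: %d\n", file_is_private(fd));

    FILE *fp = stream_from_fd(fd);
    if (fp != NULL) {
        fputs("program-critical data\n", fp);
        fclose(fp);
    }
    unlink(path);
    return 0;
}
```

The O_EXCL flag matters as much as the mode: without it, open() with O_CREAT happily reuses a file that already exists at the path with whatever permissions it already has, and the 0600 argument is ignored for that case. The fstat() check is the practitioner's sanity test that the permissions requested are the permissions obtained after umask and platform quirks are applied.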
References
- ISO/IEC 9899:1999, Section 7.19.5.3, "The fopen function"
- The Open Group (2004), "The open function"
- The Open Group (2004), "The umask function"
- ISO/IEC TR 24731-2006, Section 6.5.2.1, "The fopen_s function"
- CVE-2006-1174