Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files. File permissions are heavily dependent on the underlying operating system. This recommendation offers three examples of how to specify access permissions for newly created files using standard C, Windows API, and POSIX functions.
Non-compliant Code Example (Standard C)
...
```c
/* ... */
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1) {
  /* Handle Error */
}
/* ... */
```
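The open() fragment above leaves the permission bits to a caller-supplied variable. As an added example (not code from the CERT page), the following POSIX C program shows the defensive pattern beside the page's pattern for contrast: a fixed owner-only mode, O_EXCL so an existing path is refused rather than silently reused, and an fstat() check after creation that confirms the file carries no group/other bits. The temporary file names under /tmp and the function names create_private_file, create_with_mode, is_owner_only and run_demo are my own.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create 'path' with owner read/write only (0600).  O_EXCL makes the call
 * fail if the path already exists, so a stale file with wider permissions is
 * never silently reused.  The umask can only clear bits from the mode
 * argument, never add them, so 0600 is an upper bound on the result. */
int create_private_file(const char *path) {
    return open(path, O_CREAT | O_WRONLY | O_EXCL, S_IRUSR | S_IWUSR);
}

/* The pattern from the page: permissions supplied by the caller.  If 'mode'
 * carries group/other bits, the file is readable by other local users. */
int create_with_mode(const char *path, mode_t mode) {
    return open(path, O_CREAT | O_WRONLY | O_EXCL, mode);
}

/* Post-creation check: 1 if no group/other bits are set on the open file,
 * 0 if any are, -1 if fstat() fails. */
int is_owner_only(int fd) {
    struct stat st;
    if (fstat(fd, &st) == -1)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 ? 1 : 0;
}

/* Runs the demonstration in directory 'dir'.  Returns 0 when every step
 * behaves as expected, otherwise a small code identifying the failed step.
 * Temporary files (constructed names) are removed before returning. */
int run_demo(const char *dir) {
    char priv[4096], wide[4096];
    snprintf(priv, sizeof priv, "%s/fio06_private_%ld.tmp", dir, (long)getpid());
    snprintf(wide, sizeof wide, "%s/fio06_wide_%ld.tmp", dir, (long)getpid());
    unlink(priv);
    unlink(wide);

    int fd = create_private_file(priv);
    if (fd == -1)
        return 1;
    int owner_only = is_owner_only(fd);
    close(fd);
    if (owner_only != 1) {
        unlink(priv);
        return 2;
    }
    /* A second create of the same path must fail: O_EXCL refuses to reuse it. */
    if (create_private_file(priv) != -1) {
        unlink(priv);
        return 3;
    }
    unlink(priv);

    /* Caller-supplied 0644.  The umask is pinned to 022 for this call so the
     * result is 0644 whatever umask the process inherited (umask is
     * process-wide; acceptable in this single-threaded demo). */
    mode_t old_umask = umask(022);
    fd = create_with_mode(wide, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
    umask(old_umask);
    if (fd == -1)
        return 4;
    int leaks = is_owner_only(fd) == 0;   /* group/other can read it */
    close(fd);
    unlink(wide);
    return leaks ? 0 : 5;
}

int main(void) {
    int rc = run_demo("/tmp");
    printf("demo result: %d (%s)\n", rc, rc == 0 ? "as expected" : "unexpected");
    return rc;
}
```

The fstat() check is the part worth keeping in production code: passing a restrictive mode is necessary, but verifying the descriptor you actually obtained catches the cases the mode argument does not cover, such as an existing file opened without O_EXCL.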
Compliant Solution (Windows)
...
...
```c
HANDLE CreateFile(
  LPCTSTR lpFileName,
  DWORD dwDesiredAccess,
  DWORD dwShareMode,
  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
  DWORD dwCreationDisposition,
  DWORD dwFlagsAndAttributes,
  HANDLE hTemplateFile
);
```
Access permissions for newly created files are controlled by a combination of the dwShareMode, lpSecurityAttributes, and dwFlagsAndAttributes parameters.
The dwShareMode parameter is known as the sharing mode of a file. According to Microsoft, "An open file that is not shared cannot be opened again, either by the application that opened it or by another application, until its handle has been closed."
The lpSecurityAttributes parameter is used to specify access controls for the newly created file. If this parameter is NULL, the created file is assigned default access controls, which are inherited from the parent directory of the file.
...
Risk Assessment
Creating files without appropriate access permissions may allow unintended access to those files.
...