Creating a file with weak overly permissive access permissions may allow unintended an unprivileged user to access to that file. Although access permissions are heavily dependent on the file system, many file-creation functions provide mechanisms to set (or at least influence) access permissions. When these functions are used to create files, appropriate access permissions should be specified to prevent unintended access.
...
The fopen() function does not allow the programmer to explicitly specify file access permissions. In the this non-compliant code example below, if the call to fopen() creates a new file, the access permissions are implementation-defined.
...
The 'u' character can be thought of as standing for "umask," meaning that these are the same permissions that the file would have been created with had it been created by fopen().
| Code Block | ||
|---|---|---|
| ||
FILE *fptr;
errno_t res = fopen_s(&fptr, file_name, "w");
if (res != 0) {
/* Handle Error */
}
|
...
Using the POSIX function open() to create a file, but failing to provide access permissions for that file, may cause the file to be created with unintended overly permissive access permissions. This omission has been known to lead to vulnerabilities (for instance, CVE-2006-1174).
...
Access permissions for the newly created file should be specified in the third parameter argument to open(). Again, the permissions will be are modified by the value of umask().
...