SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 121

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 122

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When setting access permissions, it is important to make sure that an attacker is not able to alter them. (see See recommendation FIO15-C. Ensure that file operations are performed in a secure directory.).

Noncompliant Code Example (fopen())

...

Wiki Markup
On POSIX-compliant systems, the permissions may be restricted by the value of the POSIX {{umask()}} function \[[Open Group 042004|AA. Bibliography#Open Group 04]\].

Wiki Markup
The operating system modifies the access permissions by computing the intersection of the inverse of the umask and the permissions requested by the process \[[Viega 032003|AA. Bibliography#Viega 03]\]. For example, if the variable {{requested_permissions}} contained the permissions passed to the operating system to create a new file, the variable {{actual_permissions}} would be the actual permissions that the operating system would use to create the file:

...

Wiki Markup
The ISO/IEC TR 24731-1 function {{fopen_s()}} can be used to create a file with restricted permissions \[[ISO/IEC TR 24731-1:2007|AA. Bibliography#ISO/IEC TR 24731-1-2007]\]:

If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file. If the file is being created and the first character of the mode string is 'u', then by the time the file has been closed, it shall have the system default file access permissions.

...

This example also violates rule EXP37-C. Call functions with the arguments intended by the API.

...

Wiki Markup
John Viega and Matt Messier also provide the following advice \[[Viega 032003|AA. Bibliography#Viega 03]\]:

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

CERT This rule appears in the C++ Secure Coding Standard as : FIO06-CPP. Create files with appropriate access permissions.

Bibliography

unmigrated-wiki-markup

\[[CVE|AA. Bibliography#CVE]\] \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.19.5.3, "The {{fopen}} function" \[[

ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] TR 24772 "XZN Missing or Inconsistent Access Control"

ISO/IEC TR 24731-1:2007 Section 6.5.2.1, "The fopen_s function"

MITRE CWE: CWE-279, "Insecure Execution-assigned Permissions"

MITRE CWE: CWE-276, "Insecure Default Permissions"

MITRE CWE: CWE-732, "Incorrect Permission Assignment for Critical Resource"

Bibliography

Wiki Markup
\[[CVE|AA. Bibliography#CVE]\] Control"
\[[MITRE 07|AA. Bibliography#MITRE 07]\] [CWE-279|http://cwe.mitre.org/data/definitions/279.html], "Insecure Execution-assigned Permissions," and [CWE-276|http://cwe.mitre.org/data/definitions/276.html], "Insecure Default Permissions," [CWE-732|http://cwe.mitre.org/data/definitions/732.html], "Incorrect Permission Assignment for Critical Resource"
\[[OpenBSD|AA. Bibliography#OpenBSD]\]
\[[Open Group 042004|AA. Bibliography#Open Group 04]\] "The {{open}} function," and "The {{umask}} function"
\[[ISO/IEC TR 24731-1:2007|AA. Bibliography#SO/IEC TR 24731-1-2007]\] Section 6.5.2.1, "The {{fopen_s}} function"
\[[Viega 03Viega 2003|AA. Bibliography#Viega 03]\] Section 2.7,  "Restricting Access Permissions for New Files on UNIX"
\[[Dowd 062006|AA. Bibliography#Dowd 06]\] Chapter 9, "UNIX 1: Privileges and Files"

...