...
On POSIX-compliant systems, the permissions may be restricted by the value of the POSIX umask()
function [Open Group 2004IEEE Std 1003.1:2013].
The operating system modifies the access permissions by computing the intersection of the inverse of the umask and the permissions requested by the process [Viega 2003]. For example, if the variable requested_permissions
contained the permissions passed to the operating system to create a new file, the variable actual_permissions
would be the actual permissions that the operating system would use to create the file:
...
Creating files with weak access permissions may allow unintended access to those files.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO06-C | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|
CodeSonar |
|
|
|
(customization) | CodeSonar's custom checking infrastructure allows users to implement checks such as the following.
| ||||||||
Helix QAC |
| C5013 | |||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID FIO06-CPP. Create files with appropriate access permissions |
CERT Oracle Secure Coding Standard for Java | FIO01-J. Create files with appropriate access permissions |
ISO/IEC TR 24772:2013 | Missing or Inconsistent Access Control [XZN] |
MITRE CWE | CWE-276, Insecure default permissions CWE-279, Insecure execution-assigned permissions CWE-732, Incorrect permission assignment for critical resource |
Bibliography
[CVE] |
[Dowd 2006] | Chapter 9, "UNIX 1: Privileges and Files" |
[IEEE Std 1003.1:2013] | XSH, System Interfaces, open XSH, System Interfaces, umask |
[ISO/IEC 9899:2011] | Subclause K.3.5.2.1, "The fopen_s Function" |
[OpenBSD] |
open
Function""The
umask
Function"[ |
Viega 2003] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" |
...
...