Creating files with weak access permissions may allow unintended access to those files.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO06-C | Medium | Probable | High | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | (customization) | CodeSonar's custom checking infrastructure allows users to implement checks such as the following: a check for all uses of fopen(); a check for calls to open() with only two arguments; a check for calls to open() where the third argument does not satisfy some specified requirement. |
| Helix QAC | | C5013 | |
| LDRA tool suite | | 44 S | Enhanced Enforcement |
| Polyspace Bug Finder | R2016a | Umask used with chmod-style arguments | Argument to umask allows external user too much control |
| Polyspace Bug Finder | R2016a | Vulnerable permission assignments | Argument gives read/write/search permissions to external users |
| PRQA QA-C | | 5013 | Partially implemented |
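
The checkers above look at two inputs that together decide a new file's permissions: the third argument to open() and the process umask. The following C program is an added example, not part of the original rule text; the helper `created_mode` and the file name are constructed for illustration. It creates a file under a given mask and reports the permission bits the file actually received, including the case where a chmod-style value is passed to umask().

```c
/* Added example, not from the original page. Names are constructed. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` exclusively with mode `requested` while the process mask is
 * `mask`, and return the permission bits the new file actually received.
 * Returns -1 if the file already exists or cannot be created. The file is
 * removed afterwards and the previous umask is restored. */
static int created_mode(const char *path, mode_t mask, mode_t requested)
{
    struct stat st;
    int result = -1;
    mode_t old = umask(mask);

    /* O_EXCL: refuse to reuse an existing file and its existing mode. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    if (fd != -1) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    umask(old);
    return result;
}

int main(void)
{
    const char *p = "fio06_demo.tmp";  /* constructed name in the cwd */

    /* Explicit third argument and a restrictive mask: owner-only access. */
    printf("open 0600, umask 077  -> %03o\n", (unsigned)created_mode(p, 077, 0600));
    /* 0666 is the mode POSIX specifies for fopen(); only the mask limits it. */
    printf("open 0666, umask 022  -> %03o\n", (unsigned)created_mode(p, 022, 0666));
    /* chmod-style value given to umask(): those bits are cleared, not set. */
    printf("open 0666, umask 0600 -> %03o\n", (unsigned)created_mode(p, 0600, 0666));
    return 0;
}
```

In the last case the owner ends up with no access while group and other keep read/write, which is the inversion the "Umask used with chmod-style arguments" checker is meant to catch.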

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

  • SEI CERT C++ Coding Standard: VOID FIO06-CPP. Create files with appropriate access permissions
  • CERT Oracle Secure Coding Standard for Java: FIO01-J. Create files with appropriate access permissions
  • ISO/IEC TR 24772:2013: Missing or Inconsistent Access Control [XZN]
  • MITRE CWE: CWE-276, Insecure default permissions
  • MITRE CWE: CWE-279, Insecure execution-assigned permissions
  • MITRE CWE: CWE-732, Incorrect permission assignment for critical resource
