...
Creating files with weak access permissions may allow unintended access to those files.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO06-C | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| (customization) | CodeSonar's custom checking infrastructure allows users to implement checks such as the following.
| ||||||
Helix QAC |
| C5013 | |||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement |
Argument to umask
allows external user too much control
Argument gives read/write/search permissions to external users
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID FIO06-CPP. Create files with appropriate access permissions |
CERT Oracle Secure Coding Standard for Java | FIO01-J. Create files with appropriate access permissions |
ISO/IEC TR 24772:2013 | Missing or Inconsistent Access Control [XZN] |
MITRE CWE | CWE-276, Insecure default permissions CWE-279, Insecure execution-assigned permissions CWE-732, Incorrect permission assignment for critical resource |
Bibliography
[CVE] |
[Dowd 2006] | Chapter 9, "UNIX 1: Privileges and Files" |
[IEEE Std 1003.1:2013] | XSH, System Interfaces, open XSH, System Interfaces, umask |
[ISO/IEC 9899:2011] | Subclause K.3.5.2.1, "The fopen_s Function" |
[OpenBSD] |
[Viega 2003] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" |
...
...