You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files.

Non-compliant Code Example 1

Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created unintended access permissions. Neglecting to properly specify file access permissions when using open() has been known to lead to vulnerabilities; for instance, CVE-2006-1174.

...
int fd = open(file_name, O_CREAT | O_WRONLY); /* mode is missing */
if (fd == -1){
  /* Handle Error */
}
...

Compliant Code Solution 1

The third argument to open should be present to specify the access permissions for the newly created file.

...
int fd = open(file_name, O_CREAT | O_WRONLY, file_mode);
if (fd == -1){
  /* Handle Error */
}
...

Non-compliant Code Example 2

The fopen() function does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the default access permissions will be implementation specific.

...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
  /* Handle Error */
}
...

Compliant Code Solution 2

The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."

...
FILE * fptr = fopen_s(file_name, "w");
if (!fptr) {
  /* Handle Error */
}
...

References

  • No labels