
Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files. File permissions are heavily dependent on the underlying operating system. However, many file creation functions provide a way to influence access permissions. Setting appropriate access permissions on newly created files prevents unintended access to those files.

Non-Compliant Code Example: fopen()

The fopen() function does not provide a mechanism to explicitly specify file access permissions. In the example below, if the call to fopen() creates a new file, the access permissions for that file are implementation-defined.

...
FILE *fptr = fopen(file_name, "w");
if (!fptr) {
  /* Handle Error */
}
...

Note that on POSIX compliant systems the permissions may be restricted by the value of umask(). More information on umask() is available in the POSIX specification.

Compliant Solution: fopen_s()

The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."

...
FILE *fptr;
errno_t res = fopen_s(&fptr, file_name, "w");
if (res != 0) {
  /* Handle Error */
}
...

Non-Compliant Code Example: open()

Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created with unintended access permissions. This omission has been known to lead to vulnerabilities; for instance, CVE-2006-1174.

...
int fd = open(file_name, O_CREAT | O_WRONLY); /* access permissions are missing */
if (fd == -1) {
  /* Handle Error */
}
...

Compliant Solution: open()

Access permissions for the newly created file should be specified in the call to open(). Again, the permissions may be influenced by the value of umask().

...
int fd = open(file_name, O_CREAT | O_WRONLY, file_access_permissions);
if (fd == -1) {
  /* Handle Error */
}
...
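The following is an added example (not CERT's code) that shows the compliant open() call in full and makes the umask() interaction visible: it creates a file with an explicit owner-only mode, reads back the permission bits the kernel actually applied, and compares them with the requested mode after the process umask is applied. The path /tmp/fio06_demo.txt and the helper names are constructed for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits that remain after the process umask is applied to
 * `requested`. umask() has no read-only query, so set it and restore it. */
mode_t effective_mode(mode_t requested)
{
    mode_t old = umask(0);
    umask(old);
    return requested & ~old;
}

/* Create `path` with explicit permission bits (the compliant open() form),
 * return the mode bits the kernel actually applied, then remove the file.
 * O_EXCL makes the call fail if the file already exists, so the bits
 * reported always belong to a file this call created. Returns -1 on error. */
int create_with_mode(const char *path, mode_t requested)
{
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, requested);
    if (fd == -1) {
        return -1;
    }
    struct stat sb;
    int rc = fstat(fd, &sb);
    close(fd);
    unlink(path);
    return (rc == -1) ? -1 : (int)(sb.st_mode & 0777);
}

/* True when the applied mode denies all access to group and others. */
int is_owner_only(int actual)
{
    return actual != -1 && (actual & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    const char *path = "/tmp/fio06_demo.txt"; /* constructed sample path */
    mode_t requested = S_IRUSR | S_IWUSR;      /* 0600: owner read/write */
    int actual = create_with_mode(path, requested);
    if (actual == -1) {
        perror("create_with_mode");
        return 1;
    }
    printf("requested %04o, after umask %04o, kernel applied %04o\n",
           (unsigned)requested, (unsigned)effective_mode(requested),
           (unsigned)actual);
    printf("owner-only: %s\n", is_owner_only(actual) ? "yes" : "no");
    return 0;
}
```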

Risk Assessment

Creating files without appropriate access permissions may allow unintended access to those files.

Rule     Severity    Likelihood    Remediation Cost  Priority  Level
FIO06-A  2 (medium)  1 (unlikely)  2 (medium)        P4        L3
