...
If files are created without appropriate permissions, an attacker may read or write to the files, possibly resulting in compromised system integrity and information disclosure.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO01-J | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| JAVA.IO.PERM.ACCESS | Accessing File in Permissive Mode (Java) |
Related Guidelines
VOID FIO06-CPP. Create files with appropriate access permissions | |
Missing or Inconsistent Access Control [XZN] | |
CWE-279, Incorrect Execution-Assigned Permissions |
Android Implementation Details
Creating files with weak permissions may allow malicious applications to access the files.
Bibliography
[API 2014] |
[CVE] |
Chapter 9, "UNIX 1: Privileges and Files" | |
[OpenBSD] |
"The | |
Section 2.7, "Restricting Access Permissions for New Files on UNIX" |
...
...