Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files.
Non-compliant Code Example 1
Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created unintended access permissions. Neglecting to properly specify file access permissions when using open() has been known to lead to vulnerabilities, such as CVE-2006-1174.
...
int fd = open(file_name, O_CREAT | O_WRONLY); /* mode is missing */
if (fd == -1){
/* Handle Error */
}
...
Compliant Code Solution 1
The third argument to open should be present to specify the access permissions for the newly created file.
...
int fd = open(file_name, O_CREAT | O_WRONLY, file_mode);
if (fd == -1){
/* Handle Error */
}
...
Non-compliant Code Example 2
The C standard function fopen() does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the default access permissions will be implementation specific.
...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
/* Handle Error */
}
...
Compliant Code Solution 2
The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."
...
FILE * fptr = fopen_s(file_name, "w");
if (!fptr) {
/* Handle Error */
}
...
References
- ISO/IEC 9899-1999 Section 7.19.5.3, The fopen function
- Open Group 04 The open function
- ISO/IEC TR 24731-2006 Section 6.5.2.1, The fopen_s function
- CVE Ref CVE-2006-1174