If files are created without appropriate permissions, an attacker may read or write to the files, possibly resulting in compromised system integrity and information disclosure.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO01-J | Medium | Probable | High | P4 | L3 |
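
As an added illustration (not code from the original rule page), the Java sketch below creates a file whose owner-only permissions are set at creation time instead of being left to the process default. The class name, method name, file name and the decision to refuse non-POSIX file systems are assumptions of this example.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class OwnerOnlyFile {
    // Owner read/write only; no access for group or others.
    static final Set<PosixFilePermission> OWNER_RW =
            PosixFilePermissions.fromString("rw-------");

    /** Creates a new file with owner-only permissions applied at creation, then writes data. */
    static Path createPrivate(Path file, byte[] data) throws IOException {
        if (!file.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            // Assumption of this example: refuse rather than fall back to default permissions.
            throw new UnsupportedOperationException("POSIX permissions not supported: " + file);
        }
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(OWNER_RW);
        // createFile throws FileAlreadyExistsException if the path exists, so a file
        // pre-created by someone else with looser permissions is never reused.
        Files.createFile(file, attr);
        try (OutputStream out = Files.newOutputStream(file, StandardOpenOption.WRITE)) {
            out.write(data);
        }
        // Check the result: the process umask may remove bits but must not leave extra ones.
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(file);
        if (!OWNER_RW.containsAll(actual)) {
            throw new IOException("unexpected permissions: "
                    + PosixFilePermissions.toString(actual));
        }
        return file;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("fio01j-demo"); // constructed demo location
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        Path file = createPrivate(dir.resolve("secret.txt"), data);
        System.out.println(file + " "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(file)));
    }
}
```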

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.IO.PERM.ACCESS | Accessing File in Permissive Mode (Java) |
| | | JAVA.IO.PERM | Permissive File Mode (Java) |

Related Guidelines

| Standard | Guideline |
|---|---|
| SEI CERT C++ Coding Standard | VOID FIO06-CPP. Create files with appropriate access permissions |
| SEI CERT C Coding Standard | FIO06-C. Create files with appropriate access permissions |
| ISO/IEC TR 24772:2010 | Missing or Inconsistent Access Control [XZN] |
| MITRE CWE | CWE-279, Incorrect Execution-Assigned Permissions |
| MITRE CWE | CWE-276, Incorrect Default Permissions |
| MITRE CWE | CWE-732, Incorrect Permission Assignment for Critical Resource |

Android Implementation Details

Creating files with weak permissions may allow malicious applications to access the files.

Bibliography

[API 2014]
[CVE]
[Dowd 2006] Chapter 9, "UNIX 1: Privileges and Files"
[J2SE 2011]
[OpenBSD]
[Open Group 2004] "The open Function"; "The umask Function"
[Viega 2003] Section 2.7, "Restricting Access Permissions for New Files on UNIX"
