...
Creating files with weak access permissions may allow unintended access to those files.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO06-C | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| (customization) | CodeSonar's custom checking infrastructure allows users to implement checks such as the following.
| ||||||
| LDRA tool suite |
| 44 S | Enhanced Enforcement | ||||||
| Polyspace Bug Finder |
| Argument to Argument gives read/write/search permissions to external users | ||||||||
| PRQA QA-C |
| 5013 | Partially implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID FIO06-CPP. Create files with appropriate access permissions |
| CERT Oracle Secure Coding Standard for Java | FIO01-J. Create files with appropriate access permissions |
| ISO/IEC TR 24772:2013 | Missing or Inconsistent Access Control [XZN] |
| MITRE CWE | CWE-276, Insecure default permissions CWE-279, Insecure execution-assigned permissions CWE-732, Incorrect permission assignment for critical resource |
Bibliography
| [CVE] |
| [Dowd 2006] | Chapter 9, "UNIX 1: Privileges and Files" |
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, openXSH, System Interfaces, umask |
| [ISO/IEC 9899:2011] | Subclause K.3.5.2.1, "The fopen_s Function" |
| [OpenBSD] |
| [Viega 2003] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" |
...
...