Files on multiuser systems are generally owned by a particular user. The owner of the file can determine specify which other users on the system should be allowed to access the contents of these files.
These file systems generally use a privileges and permissions model to protect file access. When a file is created, the access permissions of the file immediately dictate who may access or operate on the file. If When a program creates a file with insufficiently restrictive access permissions, an attacker may read or modify the file before the program can modify the permissions. Consequently, files must be created with access permissions that prevent unauthorized file access.
...
In this noncompliant code example, the access permissions of any file created is are implementation-defined and may fail to prevent unauthorized access.
...
Compliant Solution (Java 1.6 and Earlier)
Java 1.6 and earlier provide no lack a mechanism for specifying default permissions upon file creation. Consequently, the problem must be avoided or solved using some mechanism external to Java, such as by using native code and Java Native Interface (JNI).
Compliant Solution (Java
...
SE 7, POSIX)
The Java 1.SE 7 new I/O facility (java.nio) provides classes for managing file access permissions. Additionally, many of the methods and constructors that create files accept an argument allowing the program to specify the initial file permissions.
...
| Code Block | ||
|---|---|---|
| ||
Path file = new File("file").toPath();
// Throw exception rather than overwrite existing file
Set<OpenOption> options = new HashSet<OpenOption>();
options.add(StandardOpenOption.CREATE_NEW);
options.add(StandardOpenOption.APPEND);
// File permissions should be such that only user may read/write file
Set<PosixFilePermission> perms =
PosixFilePermissions.fromString("rw-------");
FileAttribute<Set<PosixFilePermission>> attr =
PosixFilePermissions.asFileAttribute(perms);
try (SeekableByteChannel sbc =
Files.newByteChannel(file, options, attr)) {
// write data
};
|
Exceptions
FIO01-EX0: If When a file is created inside a directory that is both secure and unreadable by untrusted users, then that file may be created with the default access permissions. See rule FIO00-J. Do not operate on files in shared directories for the definition of a secure directory. This could be the case if, for example, the entire file system is trusted , or is accessible only to trusted users. See FIO00-J. Do not operate on files in shared directories for the definition of a secure directory.
FIO01-EX1: Files that do not contain sensitive information need not be created with specific access permissions.
Risk Assessment
Files created with insufficiently restrictive access permissions result in information disclosure, especially if the program creating the file populates the sensitive information. The ability to determine if whether an existing file has been opened or a new file has been created provides greater assurance that a file other than only the intended file is not acted upon.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO01-J | medium | probable | high | P4 | L3 |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b72986e5803e9cbf-f9eab045-43b04b67-b717b8c3-bce6fa9d0469f564878b8f7e"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | " Missing or Inconsistent Access Control [XZN] " | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-279. Incorrect Executionexecution-Assigned Permissions assigned permissions | ||||
| CWE-276. Incorrect Default Permissions default permissions | |||
| CWE-732. Incorrect Permission Assignment for Critical Resource permission assignment for critical resource |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f315834673d7277d-6aaf0739-4b114e3d-a7d39e2c-1ecd5bab6af38bcdca3b2f88"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3937c3c880a79ccf-01354beb-4add45d3-b036b5f8-9f536fd17d7dc248b2cbf030"><ac:plain-text-body><![CDATA[ | [[CVE | AA. Bibliography#CVE]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="65419259df1052e4-c9a4784d-4d404d9f-af918c70-bd5153869b43bdd50a1e5453"><ac:plain-text-body><![CDATA[ | [[Dowd 2006 | AA. Bibliography#Dowd 06]] | Chapter 9, "UNIX 1: Privileges and Files" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ccc0e86b55af75c1-08d9ace7-4403495a-8f6bb2ee-d0d5170dd99591ece9d79bbf"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e10b282d1ecd8fdf-bdf29b76-4b2b4134-a565885c-baf649fa649da4903a6bd08d"><ac:plain-text-body><![CDATA[ | [[OpenBSD | AA. Bibliography#OpenBSD]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="feb569f2e4fd4491-e6eda108-4ac84da3-baf59798-3b816b40125ddae4167b64e7"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | "The | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="970b2e809acd29e1-53896e38-47b14c23-b9fdb396-c3307de8f73a3870bd4f63c2"><ac:plain-text-body><![CDATA[ | [[Viega 2003 | AA. Bibliography#Viega 03]] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" | ]]></ac:plain-text-body></ac:structured-macro> |
...