Files on multiuser systems are generally owned by a particular user. The owner of the file can determine which other users on the system should be allowed to access the contents of these files.
These filesystems file systems generally use a privileges and permissions model to protect file access. When a file is created, the access permissions of the file immediately dictate who may access or operate on the file. If a program creates a file with insufficiently restrictive access permissions, an attacker may read or modify the file before the program can modify the permissions. Consequently, files must be created with access permissions that prevent unauthorized file access.
...
FIO03-EX0: If a file is created inside a directory that is both secure and unreadable by untrusted users, then that file may be created with the default access permissions. See FIO07-J. Remove temporary files before termination for the definition of a secure directory. This could be the case if, for example, the entire filesystem file system is trusted, or is accessible only to trusted users.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="70157db52138239e-0e010d50-4b774731-9387a5cd-8a963a6c25e624d4613a7a9e"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="efe70ea7edca7960-6feae9fd-48154013-99d2aa4d-9ac3ac3919cb70e94acda434"><ac:plain-text-body><![CDATA[ | [[CVE | AA. Bibliography#CVE]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e9d645bed7c0285d-81a3d650-476a4899-8a0182fd-453a7df808397f2a47cc3996"><ac:plain-text-body><![CDATA[ | [[Dowd 2006 | AA. Bibliography#Dowd 06]] | Chapter 9, "UNIX 1: Privileges and Files" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1282c3908c7b2df4-c09931ec-4d3f4afd-899db265-836cbaf11c364118028800fb"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dba80dab108798d0-db819e1f-46ef4f8f-913f912a-f0ffbd1fb44c5eed8e76dfcf"><ac:plain-text-body><![CDATA[ | [[OpenBSD | AA. Bibliography#OpenBSD]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1df1b65d9926645f-5e52a753-4393427d-ad4db891-e789ebc97200ec7bcc426a34"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | "The | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="beae0fcde5426181-714e01ac-4ab94909-ac349a61-7a88ef2af34aa676addbe17d"><ac:plain-text-body><![CDATA[ | [[Viega 2003 | AA. Bibliography#Viega 03]] | Section 2.7, "Restricting Access Permissions for New Files on UNIX" | ]]></ac:plain-text-body></ac:structured-macro> |
...