Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

The constructors for FileOutputStream and FileWriter do not allow the programmer to explicitly specify file access permissions. In this noncompliant code example, the access permissions of any file created are implementation-defined and may not prevent unauthorized access.:

Code Block
bgColor#FFCCCC

Writer out = new FileWriter("file");

...

Java 1.6 and earlier lack a mechanism for specifying default permissions upon file creation. Consequently, the problem must be avoided or solved using some mechanism external to Java, such as by using native code and the Java Native Interface (JNI).

Compliant Solution (

...

POSIX)

The Java SE 7 new The  I/O facility (java.nio) provides classes for managing file access permissions. Additionally, many of the methods and constructors that create files accept an argument allowing the program to specify the initial file permissions.

The Files.newByteChannel() method allows a file to be created with specific permissions. This method is platform-independent, but the actual permissions are platform-specific. This compliant solution defines sufficiently restrictive permissions for POSIX platforms.:

Code Block
bgColor#ccccff

Path file = new File("file").toPath();

// Throw exception rather than overwrite existing file
Set<OpenOption> options = new HashSet<OpenOption>();
options.add(StandardOpenOption.CREATE_NEW);
options.add(StandardOpenOption.APPEND);

// File permissions should be such that only user may read/write file
Set<PosixFilePermission> perms =
    PosixFilePermissions.fromString("rw-------");
FileAttribute<Set<PosixFilePermission>> attr =
    PosixFilePermissions.asFileAttribute(perms);

try (SeekableByteChannel sbc =
         Files.newByteChannel(file, options, attr)) {
  // writeWrite data
};

Exceptions

FIO01-J-EX0: When a file is created inside a directory that is both secure and unreadable by untrusted users, that file may be created with the default access permissions. This could be the case if, for example, the entire file system is trusted or is accessible only to trusted users . See rule (see FIO00-J. Do not operate on files in shared directories for the definition of a secure directory).

FIO01-J-EX1: Files that do not contain privileged information need not be created with specific access permissions.

...

If files are created without appropriate permissions, an attacker may read or write to the files. This could result in the compromise of , possibly resulting in compromised system integrity and information disclosure.

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

FIO01-J

Medium

medium

Probable

probable

No

high

No

P4

L3

Automated Detection

ToolVersionChecker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.IO.PERM.ACCESS
JAVA.IO.PERM

Accessing file in permissive mode
Permissive file mode

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V

CERT.FIO01.ASNF
CERT.FIO01.CFAP

Avoid implicit file creation when a String is passed as an argument
Create files with appropriate access permissions

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V5318

Related Guidelines

SEI CERT C++

Secure

Coding Standard

VOID FIO06-CPP. Create files with appropriate access permissions

SEI CERT C

Secure [

Coding Standard

FIO06-C. Create files with appropriate access permissions

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="564327fe-f648-40f4-97f3-b8050e28ac51"><ac:plain-text-body><![CDATA[

ISO/IEC TR 24772:2010
http://www.aitcnet.org/isai/]

Missing or Inconsistent Access Control [XZN

] ]

]

></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-279

.

, Incorrect

execution

Execution-

assigned permissions

Assigned Permissions

 

CWE-276

.

, Incorrect

default permissions

Default Permissions

 

CWE-732

.

, Incorrect

permission assignment for critical resource

Bibliography

Permission Assignment for Critical Resource

Android Implementation Details

Creating files with weak permissions may allow malicious applications to access the files.

Bibliography

[API 2014]


[CVE]


[Dowd 2006

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="16f6ae26-e89d-4551-826b-5d5b36686ff7"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="93452ab8-5a11-42da-8e2e-1863dc254377"><ac:plain-text-body><![CDATA[

[[CVE

AA. Bibliography#CVE]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="dfc9e262-ff60-48f8-b07b-4397ab9e7165"><ac:plain-text-body><![CDATA[

[[Dowd 2006

AA. Bibliography#Dowd 06]<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f3dea20-7102-4ef4-b37c-a66076043b54"><ac:plain-text-body><![CDATA

]

Chapter 9, "UNIX 1: Privileges and Files"

]]></ac:plain-text-body></ac:structured-macro>

[

[[

J2SE 2011

AA. Bibliography#J2SE 11]]

 

]

]></ac:plain-text-body></ac:structured-macro><ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="94f68f3c-7d96-46f1-a721-b02150af456d"><ac:plain-text-body><![CDATA[


[

[

OpenBSD

AA. Bibliography#OpenBSD]]

 

]

]

></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7fc90953-7e37-47a8-86b3-201ddc80efe4"><ac:plain-text-body><! [[


[

CDATA[

Open Group 2004

AA. Bibliography#Open Group 04

]

]

"The open

function,

Function"

and


"The umask

function"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4cfbdabd-c364-455e-aab5-9aa56c1eef91"><ac:plain-text-body><![CDATA[

[[Viega 2003

AA. Bibliography#Viega 03]]

Function"

[Viega 2003]

Section 2.7, "Restricting Access Permissions for New Files on UNIX"

]]></ac:plain-text-body></ac:structured-macro>


...

Image Removed      12. Input Output (FIO)      Image Added Image Added