Page History

...

If files are created without appropriate permissions, an attacker may read or write to the files, possibly resulting in compromised system integrity and information disclosure.

Rule	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
FIO01-J	Medium	Probable

High

No

P4

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

JAVA.IO.PERM.ACCESS
JAVA.IO.PERM

Accessing file in permissive mode
Permissive file mode

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.FIO01.ASNF
CERT.FIO01.CFAP

Avoid implicit file creation when a String is passed as an argument
Create files with appropriate access permissions

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V5318

Related Guidelines

SEI CERT C++ Coding Standard	VOID FIO06-CPP. Create files with appropriate access permissions
SEI CERT C Coding Standard	FIO06-C. Create files with appropriate access permissions
ISO/IEC TR 24772:2010	Missing or Inconsistent Access Control [XZN]
MITRE CWE	CWE-279, Incorrect Execution-Assigned Permissions CWE-276, Incorrect Default Permissions CWE-732, Incorrect Permission Assignment for Critical Resource

Android Implementation Details

Creating files with weak permissions may allow malicious applications to access the files.

Bibliography

[API 2014]


[CVE]


[Dowd 2006]	Chapter 9, "UNIX 1: Privileges and Files"
[J2SE 2011]


[OpenBSD]


[Open Group 2004]	"The `open` Function" "The `umask` Function"
[Viega 2003]	Section 2.7, "Restricting Access Permissions for New Files on UNIX"

...

Space shortcuts

Page tree

Versions Compared

Old Version 76

New Version Current

Key

Automated Detection

Related Guidelines

Android Implementation Details

Bibliography