Files should be created with appropriate access permissions. Creating a file with insufficient file access permissions may allow unintended access to program-critical files.
Using the POSIX function open() to create a file but failing to provide access permissions for that file may cause that file to be created unintended access permissions. Neglecting to properly specify file access permissions when using open() has been known to lead to vulnerabilities; for instance, CVE-2006-1174.
...
int fd = open(file_name, O_CREAT | O_WRONLY); /* mode is missing */
if (fd == -1){
/* Handle Error */
}
...
|
The third argument to open should be present to specify the access permissions for the newly created file.
...
int fd = open(file_name, O_CREAT | O_WRONLY, file_mode);
if (fd == -1){
/* Handle Error */
}
...
|
The fopen() function does not provide a mechanism to specify file access permissions. In the example below, if the call to fopen() creates a new file, the default access permissions will be implementation specific.
...
FILE * fptr = fopen(file_name, "w");
if (!fptr){
/* Handle Error */
}
...
|
The fopen_s() function defined in ISO/IEC TR 24731-2006 provides some control over file access permissions. Specifically, the report states: "If the file is being created, and the first character of the mode string is not 'u', to the extent that the underlying system supports it, the file shall have a file permission that prevents other users on the system from accessing the file."
...
FILE * fptr = fopen_s(file_name, "w");
if (!fptr) {
/* Handle Error */
}
...
|