Contents
V1118. Excessive file permissions can lead to vulnerabilities. Consider restricting file permissions.
Excessive file permissions indicate security risks and may lead to vulnerabilities.
The analyzer checks the following system calls for excessive permissions: open, creat, openat, chmod, fchmod, fchmodat, mkdir, mkdirat, mkfifo, mkfifoat, mknod, mknodat, mq_open, and sem_open.
The example:
void foo(int param)
{
int perms = 0777;
int fd = open("/path/to/file", O_CREAT | O_RDONLY, perms);
if (fd < 0) return;
// some work
close(fd);
}The code uses the open system call to open a file and process the information it contains. If the file does not exist, it will be created via the O_CREAT flag in the second argument and have permissions specified by the number in the third argument. In this case, the 0777 mask allows any user to read, write, or execute this file, which can lead to vulnerabilities.
To fix the error, modify the permission mask:
void foo(int param)
{
int perms = 0644;
int fd = open("/path/to/file", O_CREAT | O_RDONLY, perms);
if (fd < 0) return;
// some work
close(fd);
}This diagnostic is classified as:
Was this page helpful?
