Project

General

Profile

Actions
Copy link

Task #7952

open
VJ VJ

tracking: CWE-732: File created without restricting permissions

Task #7952: tracking: CWE-732: File created without restricting permissions

Added by Victor Julien 6 months ago. Updated 5 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

We generally use a simple fopen pattern when creating files. This is considered to be unsafe as it might create files with permissions that too broad.

There is a workaround, which is to set the umask config option the yaml. This should probably be enabled by default.

Github/CodeQL suggests a more explicit pattern of using open with explicit permission flags followed by fdopen to get a FILE pointer. This is fairly easy for C, but needs a bit more thought for Rust as there we'd need to add Unix specific logic.

Subtasks 5 (5 open0 closed)

Documentation #7953: doc: umask option not documentedNewOISF DevActions
Documentation #7954: doc: umask option not documented (8.0.x backport)NewOISF DevActions
Feature #7955: c: create files with explicit permissionsNewOISF DevActions
Feature #7956: rust: create files with explicit permissionsNewOISF DevActions
Task #7957: umask: enable by defaultNewOISF DevActions

VJ Updated by Victor Julien 6 months ago Actions
Copy link
 #1

  • Subtask #7953 added

VJ Updated by Victor Julien 6 months ago Actions
Copy link
 #2

  • Subtask #7955 added

VJ Updated by Victor Julien 6 months ago Actions
Copy link
 #3

  • Subtask #7956 added

VJ Updated by Victor Julien 6 months ago Actions
Copy link
 #4

  • Subtask #7957 added

VJ Updated by Victor Julien 5 months ago Actions
Copy link
 #6

  • Status changed from New to Assigned
Actions
Copy link

Also available in: PDF Atom