Project

General

Profile

Actions
Copy link

Task #7952

open

tracking: CWE-732: File created without restricting permissions

Added by Victor Julien 4 days ago. Updated 4 days ago.

Status:
New
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

We generally use a simple fopen pattern when creating files. This is considered to be unsafe as it might create files with permissions that too broad.

There is a workaround, which is to set the umask config option the yaml. This should probably be enabled by default.

Github/CodeQL suggests a more explicit pattern of using open with explicit permission flags followed by fdopen to get a FILE pointer. This is fairly easy for C, but needs a bit more thought for Rust as there we'd need to add Unix specific logic.

Subtasks 5 (5 open0 closed)

Documentation #7953: doc: umask option not documentedNewOISF DevActions
Documentation #7954: doc: umask option not documented (8.0.x backport)AssignedOISF DevActions
Feature #7955: c: create files with explicit permissionsNewOISF DevActions
Feature #7956: rust: create files with explicit permissionsNewOISF DevActions
Task #7957: umask: enable by defaultNewOISF DevActions
Actions
Copy link
 #1

Updated by Victor Julien 4 days ago

  • Subtask #7953 added
Actions
Copy link
 #2

Updated by Victor Julien 4 days ago

  • Subtask #7955 added
Actions
Copy link
 #3

Updated by Victor Julien 4 days ago

  • Subtask #7956 added
Actions
Copy link
 #4

Updated by Victor Julien 4 days ago

  • Subtask #7957 added
Actions
Copy link

Also available in: Atom PDF