CWE-277 Individual Dictionary Definition (Draft 9)

Weakness ID: 277 (Weakness Variant)
Status: Draft

Description
Summary: A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Potential Mitigations
Very carefully manage the setting, management and handling of permissions. Explicitly manage trust zones in the software.

Design: Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges.

Observed Examples

| Reference | Description |
|---|---|
| CVE-2005-1841 | User's umask is used when creating temp files. |
| CVE-2002-1786 | Insecure umask for core dumps [is the umask preserved or assigned?]. |

Relationships:

Source Taxonomies: PLOVER - Insecure inherited permissions

Applicable Platforms: All
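The umask pattern named in the observed examples, shown beside a hardened form. This is an added example, not part of the CWE entry; it assumes a POSIX system, and the function names, file names and umask values are constructed for illustration.

```python
import os
import stat
import tempfile

LOOSE_UMASK = 0o000  # constructed stand-in for a permissive umask inherited from the caller


def create_inherited(path):
    """Weak pattern: request 0o666 and let the inherited umask decide the result."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_explicit(path, mode=0o600):
    """Hardened pattern: request owner-only bits, then pin them with fchmod."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # the umask is not applied to fchmod
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def exposed_bits(mode):
    """Return the group/other permission bits set in mode (0 means owner-only)."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


def demo(umask_value=LOOSE_UMASK):
    """Create one file each way under the given umask and return both modes."""
    old = os.umask(umask_value)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = create_inherited(os.path.join(d, "weak.tmp"))
            hard = create_explicit(os.path.join(d, "hard.tmp"))
    finally:
        os.umask(old)  # restore the process umask
    return weak, hard


if __name__ == "__main__":
    for um in (0o000, 0o022, 0o077):
        weak, hard = demo(um)
        print(f"umask {um:03o}: inherited={weak:03o} "
              f"exposed={exposed_bits(weak):03o} explicit={hard:03o}")
```

The `exposed_bits` check can also be run over modes read from existing temp or dump directories to find files that picked up group or other access from an inherited umask.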