CWE-560: Use of umask() with chmod-style Argument

Status: Draft
Weakness ID: 560 (Weakness Variant)
Description
Summary

The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().

Potential Mitigations

Use umask() with the correct argument.

If you suspect misuse of umask(), you can use grep to find each call to umask().

Other Notes

The umask() man page begins with the false statement: "umask sets the umask to mask & 0777". Although this behavior would better align with the usage of chmod(), where the user-provided argument specifies the bits to enable on the specified file, the behavior of umask() is in fact the opposite: umask() sets the umask to ~mask & 0777.

The umask() man page goes on to describe the correct usage of umask(): "The umask is used by open() to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2) (so, for example, the common umask default value of 022 results in new files being created with permissions 0666 & ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666)."
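The effect of a chmod-style argument can be checked directly. The following C program is an added example, not part of the CWE entry: it creates a file with mode 0666 under a given umask and reports the permission bits the file actually received. The helper name perms_created_under() and the scratch path under /tmp are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file with open(..., 0666) under the given umask and
 * return the permission bits it actually received, or -1 on error.
 * Helper name and /tmp path are assumptions made for this example. */
static int perms_created_under(mode_t mask)
{
    char path[64];
    struct stat st;
    int fd, result = -1;

    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());

    mode_t saved = umask(mask);   /* umask() returns the previous mask */
    /* O_EXCL: fail rather than reuse or follow an existing path. */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(saved);                 /* restore before doing anything else */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* Weakness: 0600 written as if for chmod(). The owner's read/write
     * bits are removed and group/other keep theirs: ---rw-rw-. */
    printf("umask(0600) -> %04o\n", (unsigned)perms_created_under(0600));

    /* Intended effect: mask off group and other, leaving rw-------. */
    printf("umask(0077) -> %04o\n", (unsigned)perms_created_under(0077));

    /* The man page's own example: 0666 & ~022 = 0644. */
    printf("umask(0022) -> %04o\n", (unsigned)perms_created_under(0022));
    return 0;
}
```

A call written as umask(0600) therefore produces the inverse of a private file: the owner loses access while group and other retain read and write.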

Relationships
* ChildOf: Weakness Variant 687, Function Call With Incorrectly Specified Argument Value. View: Research Concepts (primary), 1000
* ChildOf: Category 559, Often Misused: Arguments and Parameters. View: Development Concepts (primary), 699
Taxonomy Mappings
Mapped Taxonomy Name
Anonymous Tool Vendor (under NDA)
Applicable Platforms
Languages
C
Time of Introduction
* Implementation
Content History
Submissions
Anonymous Tool Vendor (under NDA). (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Potential_Mitigations
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Other_Notes, Taxonomy_Mappings
Previous Entry Names
* Often Misused: umask() (changed 2008-04-11)
Page Last Updated: November 24, 2008