Compound Element ID: 689 (Compound Element Base: Composite)
Status: Draft
Description
Description Summary
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
Time of Introduction
Implementation
Applicable Platforms
Languages
C
Perl
Common Consequences
Scope: Confidentiality, Integrity
Effect: Technical Impact: Read application data; Modify application data
Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.
Other Notes
This is a general issue, although few subtypes are currently known. The
most common examples occur in file archive extraction, in which the product
begins the extraction with insecure default permissions, then only sets the
final permissions (as specified in the archive) once the copy is complete.
The larger the archive, the larger the timing window for the race condition.
This weakness has also occurred in some operating system utilities that
perform copies of deeply nested directories containing a large number of
files.
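The extraction pattern described above, next to a hardened form, as an added C example (not taken from this entry or the cited book). The function name `copy_with_mode` and its `hardened` and `window_mode` parameters are hypothetical; `window_mode` reports the permission bits in effect while data is still being written.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example: copy src to dst, which must end up with final_mode.
 * hardened == 0: create with the permissive default and fix the mode at the
 *                end (the pattern this entry describes).
 * hardened != 0: create owner-only, widen to final_mode only once the data
 *                is complete.
 * Returns 0 on success, -1 on error. */
int copy_with_mode(const char *src, const char *dst, mode_t final_mode,
                   int hardened, mode_t *window_mode)
{
    char buf[4096];
    struct stat st;
    ssize_t n = 0;
    int rc = -1;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = hardened
        ? open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600)   /* refuse existing dst */
        : open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0666); /* 0666 & ~umask */
    if (out < 0) { close(in); return -1; }
    if (fstat(out, &st) != 0) goto done;
    *window_mode = st.st_mode & 07777;   /* what other users see mid-copy */
    while ((n = read(in, buf, sizeof buf)) > 0)
        for (ssize_t off = 0, w; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) goto done;
    if (n < 0) goto done;
    /* fchmod acts on the open descriptor, not on a path that could change. */
    if (fchmod(out, final_mode) == 0) rc = 0;
done:
    close(in);
    if (close(out) != 0) rc = -1;
    if (rc != 0) unlink(dst);            /* do not leave a partial copy behind */
    return rc;
}
```

With a umask of 022 and a final mode of 0640, the unhardened path leaves the file at 0644 for the whole copy, while the hardened path keeps it at 0600 until `fchmod` runs.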
Weakness Ordinalities
Ordinality: Primary
Description: (where the weakness exists independent of other weaknesses)
Under-studied. It seems likely that this weakness could occur in any
situation in which a complex or large copy operation occurs, when the
resource can be made available to other spheres as soon as it is created,
but before its initialization is complete.
[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 9, "Permission Races", Page 533. 1st Edition. Addison Wesley. 2006.