CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-689: Permission Race Condition During Resource Copy

 
Permission Race Condition During Resource Copy
Compound Element ID: 689 (Compound Element Base: Composite)Status: Draft
+ Description

Description Summary

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

Perl

+ Modes of Introduction

Common examples occur in file archive extraction, in which the product begins the extraction with insecure default permissions, then only sets the final permissions (as specified in the archive) once the copy is complete. The larger the archive, the larger the timing window for the race condition.

This weakness has also occurred in some operating system utilities that perform copies of deeply nested directories containing a large number of files.

This weakness can occur in any type of functionality that involves copying objects or resources in a multi-user environment, including at the application level. For example, a document management system might allow a user to copy a private document, but if it does not set the new copy to be private as soon as the copy begins, then other users might be able to view the document while the copy is still taking place.

+ Common Consequences
ScopeEffect

Technical Impact: Read application data; Modify application data

+ Observed Examples
ReferenceDescription
Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.
Product inserts a new object into database before setting the object's permissions, introducing a race condition.
Error file has weak permissions before a chmod is performed.
Archive permissions issue using hard link.
Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.
+ Weakness Ordinalities
OrdinalityDescription
(where the weakness exists independent of other weaknesses)
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
RequiresWeakness ClassWeakness Class362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Research Concepts1000
RequiresWeakness ClassWeakness Class732Incorrect Permission Assignment for Critical Resource
Research Concepts1000
ChildOfCategoryCategory275Permission Issues
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class732Incorrect Permission Assignment for Critical Resource
Research Concepts (primary)1000
+ Research Gaps

Under-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.

+ References
[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 9, "Permission Races", Page 533.. 1st Edition. Addison Wesley. 2006.
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-09-08MITREInternal
updated Applicable_Platforms, Relationships, Other_Notes, Weakness_Ordinalities
2009-03-10MITREInternal
updated Related_Attack_Patterns
2010-09-27MITREInternal
updated Relationships
2011-06-01MITREInternal
updated Common_Consequences
2012-05-11MITREInternal
updated References
2014-06-23MITREInternal
updated Modes_of_Introduction, Other_Notes
Page Last Updated: June 23, 2014