CWE-689: Permission Race Condition During Resource Copy
Compound Element ID: 689
Abstraction: Base
Structure: Composite
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
Time of Introduction
Modes of Introduction
Common examples occur in file archive extraction, in which the product
begins the extraction with insecure default permissions, then only sets the
final permissions (as specified in the archive) once the copy is complete.
The larger the archive, the larger the timing window for the race
This weakness has also occurred in some operating system utilities that
perform copies of deeply nested directories containing a large number of
This weakness can occur in any type of functionality that involves copying
objects or resources in a multi-user environment, including at the
application level. For example, a document management system might allow a
user to copy a private document, but if it does not set the new copy to be
private as soon as the copy begins, then other users might be able to view
the document while the copy is still taking place.
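The following example is added here and is not part of the CWE entry. It contrasts the late-permission copy described above with a copy that creates the destination owner-only before any data is written; the function names, the `probe` callback and the sample file are assumptions made for the demonstration (POSIX systems only).

```python
import os
import stat
import tempfile

def _pump(fin, fout, dst, probe):
    """Copy in chunks; report dst's permission bits once while the copy is in progress."""
    reported = False
    for buf in iter(lambda: fin.read(64 * 1024), b""):
        fout.write(buf)
        if probe and not reported:
            probe(stat.S_IMODE(os.stat(dst).st_mode))
            reported = True

def copy_late_perms(src, dst, final_mode, probe=None):
    """Weak pattern: default creation mode, final mode applied after the copy."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:  # mode = 0666 & ~umask
        _pump(fin, fout, dst, probe)
        os.fchmod(fout.fileno(), final_mode)  # exposure window closes only here

def copy_early_perms(src, dst, final_mode, probe=None):
    """Hardened: create owner-only and exclusively, apply final mode after the data."""
    with open(src, "rb") as fin:
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fout:
            _pump(fin, fout, dst, probe)
            fout.flush()  # data is complete before any wider mode is applied
            os.fchmod(fd, final_mode)

def demo():
    """Run both copies on a constructed 1 MiB file; return (mid-copy, final) modes."""
    results = {}
    old = os.umask(0o022)  # common default, set explicitly so the result is repeatable
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "private.doc")  # constructed sample input
            with open(src, "wb") as f:
                f.write(b"x" * (1 << 20))
            os.chmod(src, 0o600)
            for name, fn in (("late", copy_late_perms), ("early", copy_early_perms)):
                seen = []
                dst = os.path.join(d, name)
                fn(src, dst, 0o600, seen.append)
                results[name] = (seen[0], stat.S_IMODE(os.stat(dst).st_mode))
    finally:
        os.umask(old)
    return results

if __name__ == "__main__":
    print({k: tuple(oct(m) for m in v) for k, v in demo().items()})
```

Both copies end with the same final mode; only the mode visible while the copy is running differs. The same ordering applies to directories: create them owner-only, populate them, then apply the final mode.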
Technical Impact: Read application data; Modify application
Under-studied. It seems likely that this weakness could occur in any
situation in which a complex or large copy operation occurs, when the
resource can be made available to other spheres as soon as it is created,
but before its initialization is complete.