  1. Rules Repository
  2. RSPEC-2612

The most restrictive possible permissions should be assigned to system resources

    Details

    • Message:
      Ensure that the permissions on this object are being set as restrictively as possible.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Targeted languages:
      C#, C, C++, Java, Objective-C, PHP, Python, Swift, VB.Net, VB6
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • CERT:
      FIO01-J., FIO06-C.
    • CWE:
      CWE-732
    • SANS Top 25:
      Porous Defenses

      Description

      Setting object permissions should be done with an abundance of caution, to limit as far as possible who can execute, write to and read each file.

      This rule logs an issue when permissions are modified.

      Noncompliant Code Example

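      #include <stdio.h>
      #include <stdlib.h>
      #include <sys/stat.h>

      // fileName is the path of the file to create
      void writeFile(const char *fileName) {
        char mode[] = "0777";
        int i;

        umask(0);  // Noncompliant: no permission bits are masked off for files created from here on
        FILE *out;
        out = fopen(fileName, "w");  // created with mode 0666 because the umask is 0
        // ...

        i = strtol(mode, 0, 8);
        chmod(fileName, i); // Noncompliant: grants read, write and execute to everyone
      }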
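
A restrictive counterpart to the code above, added here as an illustration and not part of the rule text: the file is created owner-only in a single step instead of being opened with a cleared umask and widened afterwards. The helper names `create_private_file` and `permission_bits` and the sample path are assumptions made for this example, which also goes one step further than the rule's snippet by refusing to reuse an existing file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create `path` readable and writable by its owner
 * only and return a stdio stream for it, or NULL on failure. */
FILE *create_private_file(const char *path) {
    /* O_EXCL fails if the path already exists (including as a symlink),
     * so permissions of a pre-existing object are never inherited. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd == -1)
        return NULL;
    /* The umask can only remove bits from the requested mode; fchmod on
     * the descriptor pins exactly 0600 without a second path lookup. */
    FILE *out = NULL;
    if (fchmod(fd, S_IRUSR | S_IWUSR) == 0)
        out = fdopen(fd, "w");
    if (out == NULL) {
        close(fd);
        unlink(path);
    }
    return out;
}

/* Permission bits of `path` (for example 0600), or -1 on error. */
int permission_bits(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void) {
    const char *path = "private-example.tmp";  /* constructed sample path */
    FILE *out = create_private_file(path);
    if (out == NULL) {
        perror(path);
        return 1;
    }
    fputs("sensitive data\n", out);
    fclose(out);
    printf("%s mode: %04o\n", path, (unsigned)permission_bits(path));
    return unlink(path) == 0 ? 0 : 1;
}
```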
      

      See

            People

            • Assignee:
              Unassigned
              Reporter:
              ann.campbell.2 Ann Campbell