CERT C: Rec. FIO06-C

Create files with appropriate access permissions

Since R2024b

Description

Rule Definition

Create files with appropriate access permissions. [1]

Polyspace Implementation

This checker checks for the defect File opened without setting access permissions.

Examples

Issue

File opened without setting access permissions occurs when you open a file without explicitly specifying access permissions on the file. You might be doing one of the following:

  • You might be opening a file using a function such as fopen() that does not support specifying access permissions.

  • You might be opening a file using a function such as fopen_s() or open() (POSIX®) that supports access permissions, but you do not set appropriate access permissions at the time of file opening.

Risk

Opening a file without specifying access permissions could result in unprivileged access to the file: the file is created with the default permissions derived from the process umask, which often grant read access to users other than the owner.

Fix

To avoid unprivileged access, do the following at the time of file opening:

  • Avoid using file-opening functions such as fopen() that do not support specifying access permissions. Use alternative functions such as fopen_s() (supported since C11, Annex K).

  • When using file opening functions, explicitly specify access permissions. For instance:

    • When using the function fopen_s(), make sure that the access mode argument (third argument) does not start with the character u. The character u in the access mode specifier indicates that the file is opened with default access permissions.

    • When using the POSIX function open(), make sure to specify a third argument that sets file permissions. Alternatively, you can use functions such as umask() to mask specific file permission bits when opening files.
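
The following program is an added example of the second bullet for POSIX systems; it is not part of the Polyspace documentation. It creates a file with an explicit third argument to open(), uses O_EXCL so that an existing file is never silently truncated, and applies umask() around the call to show how the mask removes permission bits from the requested mode. The helper names (create_with_mode, run_demo) and the temporary directory template are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` exclusively with an explicit permission argument, applying
 * `mask` through umask() only for the duration of the call. Returns the
 * permission bits the kernel actually applied, or -1 on error with errno
 * preserved from the failing call. (Example helper, not a Polyspace API.) */
long create_with_mode(const char *path, mode_t requested, mode_t mask)
{
    mode_t old_mask = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    int saved_errno = errno;
    umask(old_mask);                 /* always restore the caller's umask */
    if (fd < 0) {
        errno = saved_errno;
        return -1;
    }
    struct stat st;
    if (fstat(fd, &st) != 0) {       /* read back what was really applied */
        saved_errno = errno;
        close(fd);
        errno = saved_errno;
        return -1;
    }
    close(fd);
    return (long)(st.st_mode & 0777);
}

/* Demonstration: create files in a fresh private directory, record the
 * resulting permission bits in out[], and clean up.
 *   out[0]: 0600 requested under umask 022
 *   out[1]: 0644 requested under umask 077 (mask strips group/other bits)
 *   out[2]: 0644 requested under umask 022
 * Returns the errno of a second exclusive create of an existing file
 * (expected EEXIST), or -1 if the directory could not be created. */
int run_demo(long out[3])
{
    char dir[] = "/tmp/fio06-XXXXXX"; /* constructed template; mkdtemp fills the X's */
    out[0] = out[1] = out[2] = -1;
    if (mkdtemp(dir) == NULL) return -1;
    char path[64];
    snprintf(path, sizeof path, "%s/secret.txt", dir);

    out[0] = create_with_mode(path, 0600, 022);
    unlink(path);
    out[1] = create_with_mode(path, 0644, 077);
    unlink(path);
    out[2] = create_with_mode(path, 0644, 022);

    /* O_EXCL: re-creating the same name must fail instead of truncating it */
    int err = -1;
    if (create_with_mode(path, 0600, 022) < 0) err = errno;
    unlink(path);
    rmdir(dir);
    return err;
}

int main(void)
{
    long bits[3];
    int err = run_demo(bits);
    printf("0600 under umask 022 -> %04lo\n", bits[0]);
    printf("0644 under umask 077 -> %04lo\n", bits[1]);
    printf("0644 under umask 022 -> %04lo\n", bits[2]);
    printf("second O_EXCL create: %s\n",
           err == EEXIST ? "EEXIST (as expected)" : strerror(err));
    return 0;
}
```

Requesting 0600 directly is the robust choice: it does not depend on whatever umask the process inherited, whereas relying on umask alone leaves the outcome up to the caller's environment. Reading the mode back with fstat() on the open descriptor, rather than stat() on the path, avoids checking a different file than the one just created.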

Example – Use of fopen_s() with Default File Permissions

#define __STDC_WANT_LIB_EXT1__ 1 // expose the Annex K interfaces such as fopen_s()
#include <stdio.h>

void writeContentsToFile (const char *fileName, const char* newContents) {
        FILE *fp;
        int res = fopen_s (&fp, fileName, "uw"); // Noncompliant: "u" requests default (umask-derived) permissions
        if (res == 0){                           // fopen_s() returns zero on success
            fputs (newContents, fp);             // Write contents to file
            fclose (fp);
        }
}

In this example, the function fopen_s() opens a file using the access mode argument "uw", which begins with the character u. This mode argument indicates that the opened file has default access permissions (those implied by the process umask), and might allow unprivileged access.

Correction – Restrict Access Permissions Using Mode Argument

Omit the character u from the access mode argument when opening a file using fopen_s().

#define __STDC_WANT_LIB_EXT1__ 1 // expose the Annex K interfaces such as fopen_s()
#include <errno.h>
#include <stdio.h>

void writeContentsToFile (const char *fileName, const char* newContents) {
        FILE *fp;
        int res = fopen_s (&fp, fileName, "wx"); // Compliant: no "u" prefix, so the file is created with restricted permissions
        if (res == 0){                           // fopen_s() returns zero on success
            fputs (newContents, fp);             // Write contents to file
            fclose (fp);
        }
}

Check Information

Group: Rec. 09. Input Output (FIO)

Version History

Introduced in R2024b


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.