CWE Rule 560
Description
Rule Description
The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().
Polyspace Implementation
The rule checker checks for Umask used with chmod-style arguments.
Examples
This issue occurs when umask commands have arguments specified in the
style of arguments to chmod and provide
possibly unintended permissions. For instance:
The
umaskcommand provides more permissions to the group than the current user.The
umaskcommand provides more permissions to other users than the group.
For new files, the umask argument or the mask value specifies which
permissions not to set, in other words,
which permissions to remove. The mask is bitwise-negated and
then applied to new file permissions. In contrast,
chmod sets the permissions as you
specify them.
If you use chmod-style arguments, you specify opposite permissions of what
you want. This mistake can give external users
unintended read/write access to new files and
folders.
To fix this defect, perform both of these tasks:
Enable read permission for the user.
Set the mask value so that the user (
u) has equal or fewer permissions turned off than the group (g) and the group has equal or fewer permissions turned off than other users (o), oru <= g <= o.
You can see the umask value by calling,
umaskumask -S#include <stdio.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
typedef mode_t (*umask_func)(mode_t);
const mode_t default_mode = (
S_IRUSR /* 00400 */
| S_IWUSR /* 00200 */
| S_IRGRP /* 00040 */
| S_IWGRP /* 00020 */
| S_IROTH /* 00004 */
| S_IWOTH /* 00002 */
); /* 00666 (i.e. -rw-rw-rw-) */
static void my_umask(mode_t mode)
{
umask(mode); //Noncompliant
}
int umask_use(mode_t m)
{
my_umask(default_mode);
return 0;
}This example uses a function called my_umask to
set the default mask mode. However, the default_mode variable
gives the permissions 666 or -rw-rw-rw. umask negates
this value. However, this negation means the default mask mode turns
off read/write permissions for the user, group users, and other outside
users.
One possible correction is to negate the default_mode argument
to my_umask. This correction nullifies the negation umask for
new files.
#include <stdio.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
typedef mode_t (*umask_func)(mode_t);
const mode_t default_mode = (
S_IRUSR /* 00400 */
| S_IWUSR /* 00200 */
| S_IRGRP /* 00040 */
| S_IWGRP /* 00020 */
| S_IROTH /* 00004 */
| S_IWOTH /* 00002 */
); /* 00666 (i.e. -rw-rw-rw-) */
static void my_umask(mode_t mode)
{
umask(mode);
}
int umask_use(mode_t m)
{
my_umask(~default_mode);
return 0;
}Check Information
| Category: Others |
Version History
Introduced in R2023a
See Also
External Websites
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Seleziona un sito web
Seleziona un sito web per visualizzare contenuto tradotto dove disponibile e vedere eventi e offerte locali. In base alla tua area geografica, ti consigliamo di selezionare: .
Puoi anche selezionare un sito web dal seguente elenco:
Come ottenere le migliori prestazioni del sito
Per ottenere le migliori prestazioni del sito, seleziona il sito cinese (in cinese o in inglese). I siti MathWorks per gli altri paesi non sono ottimizzati per essere visitati dalla tua area geografica.
Americhe
- América Latina (Español)
- Canada (English)
- United States (English)
Europa
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)