CWE-560 在chmod类型参数中使用umask()
Use of umask() with chmod-style Argument
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: unkown
基本描述
The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().
相关缺陷
适用平台
Language: {'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}
常见的影响
范围 | 影响 | 注释 |
---|---|---|
['Confidentiality', 'Integrity', 'Access Control'] | ['Read Files or Directories', 'Modify Files or Directories', 'Bypass Protection Mechanism'] |
可能的缓解方案
Implementation
策略:
Use umask() with the correct argument.
Testing
策略:
If you suspect misuse of umask(), you can use grep to spot call instances of umask().
Notes
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论