CWE-560 在chmod类型参数中使用umask()

Use of umask() with chmod-style Argument

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown

基本描述

The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 687 cwe_View_ID: 1000 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围	影响	注释
['Confidentiality', 'Integrity', 'Access Control']	['Read Files or Directories', 'Modify Files or Directories', 'Bypass Protection Mechanism']

可能的缓解方案

Implementation

策略:

Use umask() with the correct argument.

Testing

策略:

If you suspect misuse of umask(), you can use grep to spot call instances of umask().

Notes

文章来源于互联网:scap中文网