This CWE-560 entry relates to insecure resource permissions due to the improper usage of the umask() function. Developers are advised to implement umask() correctly to mitigate security risks.

CWE-946: Insecure Resource Permissions

CWE-1412: Inadequate Coding Techniques

Learn how CWE-560, involving insecure resource permissions, can be exploited due to the mishandling of the umask() function. Proper implementation of umask() is crucial for securing applications.

CWE-560: Insecure Resource Permissions | umask() Function Misuse

Certain umask() manual pages start with an inaccurate claim stating that "umask sets the umask to mask & 0777". While this behavior would align better with the usage of chmod(), where the user-provided argument determines the bits to enable on the specified file, the actual behavior of umask() is the opposite. umask() sets the umask to ~mask & 0777. The documentation proceeds to clarify the correct usage of umask(): "The umask is employed by open() to establish the initial file permissions on a newly-created file. Specifically, permissions in the umask are deactivated from the mode argument to open(2) (hence, for example, when the umask default value is 022, new files are generated with permissions 0666 & ~022 = 0644 = rw-r--r-- in cases where the mode is specified as 0666)."

CWE-560: Insecure Resource Permissions with umask() Function Misuse

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CWE-560: Insecure Resource Permissions with umask() Function Misuse

Is your System Free of Underlying Vulnerabilities? Find Out Now

Is your System Free of Underlying Vulnerabilities?
Find Out Now