Ensure restrictive umask values
Description
The umask function call sets the process's file mode creation mask. The mask determines the permissions new files are created with, and therefore who can read or write them: permission bits set in the mask are cleared from the mode requested when a file is created. Set umask to the most restrictive value the context allows, usually 066 or 077.
Examples
Insecure Code
```c
umask(0);
```
Secure Code
```c
umask(066);
```
Remediation
Set umask to a restrictive value, such as umask(066) or umask(077), depending on the context.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0560 |
| Category | InsecureConfig |
| Severity | HIGH |
| CWE | CWE-732 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | security misconfiguration |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |