Potential time of check time of use vulnerability (chown)
Description
Use of the `chown` function hints at a potential Time Of Check Time Of Use (TOCTOU) vulnerability. An attacker may be able to replace the file named by the path before `chown` is called. Since `chown` resolves symbolic links, an attacker may be able to exploit this to have files outside of their control modified. It is recommended that the `fchown` or `lchown` functions be used instead.
Examples
Insecure Code
```c
chown("/path/to/file", uid, gid);
```
Secure Code
```c
fchown(fd, uid, gid);
```
Remediation
Replace `chown` with `fchown` or `lchown` to prevent TOCTOU vulnerabilities. Ensure the opened file descriptor is pointing to the correct file or directory prior to executing `fchown` or any other file-based operations.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0608 |
| Category | AccessControl |
| Severity | MEDIUM |
| CWE | CWE-362 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | TOCTOU, file permissions |
| OWASP | A5:2017-Broken Access Control, A01:2021-Broken Access Control |