Tag Archives: Use of umask() with chmod-style Argument

CWE-560 – Use of umask() with chmod-style Argument

Read Time:24 Second

Description

The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-687

 

Consequences

Confidentiality, Integrity, Access Control: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation

Description: 

Use umask() with the correct argument.

Phase: Testing

Description: 

If you suspect misuse of umask(), you can use grep to spot call instances of umask().

CVE References