Too-permissive umask values

ID

c.access_control.too_permissive_umask

Severity

low

Resource

Access Control

Language

C / C++

Description

The umask value $MASK is too permissive, allowing world or group write access to created files. A umask of 0 means no permissions are masked, creating files with mode 0666 (rw-rw-rw-). Use a more restrictive umask like 077 (owner only) or 027 (owner + group read).

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
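The effect of the mask values named in the description can be checked directly. The following is an added example, not part of the detector or its documentation: it creates a file requesting mode 0666 under a given umask and reports the permission bits the file actually receives. The function names, the /tmp path and the too-permissive test (group or world write left unmasked) are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the mask leaves group or world write
 * unmasked, which is the condition the description warns about. */
int umask_too_permissive(mode_t mask)
{
    const mode_t need = S_IWGRP | S_IWOTH;   /* 022 */
    return (mask & need) != need;
}

/* Create a scratch file requesting 0666 while `mask` is the process
 * umask. Returns the resulting permission bits, or -1 on error.
 * The /tmp location is an assumption of this example. */
int mode_created_under(mode_t mask)
{
    char path[64];
    struct stat st;
    int result = -1;

    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());
    mode_t old = umask(mask);                 /* install mask under test */
    /* O_EXCL: refuse to reuse an existing file or follow a symlink */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);                               /* restore caller's mask */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 0, 002, 022, 027, 077 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o -> file mode %04o%s\n",
               (unsigned)masks[i], (unsigned)mode_created_under(masks[i]),
               umask_too_permissive(masks[i]) ? "  (too permissive)" : "");
    return 0;
}
```

The umask is process-wide, so a program that sets it once at startup, before any file is created, covers every later open() and fopen() call.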

Configuration

This detector does not need any configuration.