Corgea LogoCorgea Security Hub

CWE-378: Creation of Temporary File With Insecure Permissions

Learn about CWE-378 (Creation of Temporary File With Insecure Permissions), its security impact, exploitation methods, and prevention guidelines.

What is Creation of Temporary File With Insecure Permissions?

• Overview: Creation of Temporary File With Insecure Permissions (CWE-378) refers to the practice of creating temporary files in a way that allows unauthorized access or modification. This vulnerability arises when temporary files are created with improper access controls, exposing them to potential attacks.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by accessing or modifying the temporary files due to weak permissions.
  • Common attack patterns include reading sensitive data from temporary files, injecting malicious data, or replacing the file with a malicious version.

• Security Impact:

  • Direct consequences of successful exploitation include unauthorized data access, data corruption, or execution of malicious code.
  • Potential cascading effects include privilege escalation, denial of service, or compromising the entire system.
  • Business impact can involve data breaches, loss of customer trust, regulatory fines, and significant financial loss.

• Prevention Guidelines:

  • Specific code-level fixes include setting appropriate file permissions (e.g., using umask or equivalent) to restrict access to temporary files.
  • Security best practices involve creating temporary files in secure directories with appropriate access controls and regularly reviewing file permissions.
  • Recommended tools and frameworks include using secure libraries and APIs for file handling, such as those provided by the operating system or security-focused libraries.

Corgea can automatically detect and fix Creation of Temporary File With Insecure Permissions in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: High

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

import os
import tempfile

def create_temp_file_vulnerable(data):
    # Creates a temporary file with default permissions, which might be insecure
    temp_file = tempfile.NamedTemporaryFile(delete=False)  # File is created with default permissions
    with open(temp_file.name, 'w') as f:
        f.write(data)
    return temp_file.name

Explanation of the Vulnerability:

  • The NamedTemporaryFile function creates a temporary file with default system permissions. On many systems, this might allow other users to access the file if they have sufficient directory permissions. This is risky if the file contains sensitive information, as unauthorized users could potentially read the data.

How to fix Creation of Temporary File With Insecure Permissions?

To fix this vulnerability, explicitly set restrictive permissions on the temporary file to ensure that only the creating user can read or write to it. On Unix-based systems, permissions can be set to 0o600, which allows only the file owner to read and write.

Fixed Code Example

import os
import tempfile

def create_temp_file_secure(data):
    # Securely create a temporary file with restricted permissions
    fd, temp_file_path = tempfile.mkstemp()  # Securely create a temporary file
    try:
        # Set file permissions to read/write for the owner only
        os.chmod(temp_file_path, 0o600)  # Secure the file permissions
        with open(temp_file_path, 'w') as f:
            f.write(data)
    finally:
        os.close(fd)  # Ensure the file descriptor is closed
        os.remove(temp_file_path)  # Ensure the file is deleted after use
    return temp_file_path

Explanation of the Fix:

  • The tempfile.mkstemp() function is used to create a temporary file securely. It returns a file descriptor and a path, ensuring the file is created with restricted access initially.
  • The os.chmod(temp_file_path, 0o600) line explicitly sets the file permissions to be readable and writable only by the file owner, preventing unauthorized access.
  • The file descriptor is closed with os.close(fd), and the file is explicitly removed with os.remove(temp_file_path) to prevent any leftover sensitive data. This ensures that the temporary file is securely managed throughout its lifecycle.

By implementing these changes, you can significantly reduce the risk of unauthorized access to temporary files containing sensitive information.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-378: Creation of Temporary File With Insecure Permissions and get remediation guidance

Start for free and no credit card needed.