CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Learn about CWE-379 (Creation of Temporary File in Directory with Insecure Permissions), its security impact, exploitation methods, and prevention guidelines.
What is Creation of Temporary File in Directory with Insecure Permissions?
• Overview: CWE-379 involves creating temporary files in directories with insecure permissions, potentially allowing unauthorized users to access or detect these files, revealing sensitive information about the application's activities.
• Exploitation Methods:
- Attackers can exploit this vulnerability by accessing directories with loose permissions to discover temporary files, gaining insights into application usage.
- Common attack patterns include monitoring directory contents to correlate with running processes or applications, potentially leading to further attacks.
• Security Impact:
- Direct consequences include unauthorized access to temporary files, which can reveal sensitive information.
- Potential cascading effects involve attackers using discovered information to compromise user actions or system processes.
- Business impact may involve data breaches, loss of user trust, and potential legal ramifications due to exposed sensitive information.
• Prevention Guidelines:
- Specific code-level fixes include setting secure permissions when creating directories or files to restrict unauthorized access.
- Security best practices involve using secure temporary file creation methods provided by the operating system or programming language libraries.
- Recommended tools and frameworks include those that manage file permissions automatically, such as secure file-handling libraries or frameworks that enforce best practices for file creation and access.
Corgea can automatically detect and fix Creation of Temporary File in Directory with Insecure Permissions in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
const fs = require('fs');
const os = require('os');
const path = require('path');
function createTempFile(data) {
// Vulnerable: Creates a temporary file in the system's temp directory with default permissions,
// which may allow other users on the same system to access or modify the file.
const tempFilePath = path.join(os.tmpdir(), 'my_temp_file.txt');
fs.writeFileSync(tempFilePath, data);
return tempFilePath;
}
How to fix Creation of Temporary File in Directory with Insecure Permissions?
In this JavaScript example, the temporary file is created with default permissions, potentially exposing it to unauthorized access. To secure the file, we should create a unique temporary directory with restricted permissions and place the temporary file within this directory. This can be achieved using fs.mkdtempSync to ensure the directory is private, followed by creating the file with restricted permissions.
Fixed Code Example
const fs = require('fs');
const os = require('os');
const path = require('path');
function createTempFile(data) {
// Fixed: Creates a secure temporary directory and file with restricted permissions.
// This ensures that only the current user can read or write to the file.
const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'my_temp_dir-'));
const tempFilePath = path.join(tempDir, 'my_temp_file.txt');
fs.writeFileSync(tempFilePath, data, { mode: 0o600 }); // File permissions set to owner read/write only
return tempFilePath;
}
In the fixed example, we demonstrate the use of fs.mkdtempSync to create a temporary directory with a unique name, reducing the risk of file name collisions and ensuring secure permissions. We also explicitly set the file permissions to 0o600, restricting access to the file owner only. This approach mitigates the risk of unauthorized access to the temporary file by other users on the system.