Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible world-writable file creation, LGTM warning #28

Closed
avan989 opened this issue Dec 18, 2019 · 3 comments
Closed

Possible world-writable file creation, LGTM warning #28

avan989 opened this issue Dec 18, 2019 · 3 comments
Labels
duplicate This issue or pull request already exists

Comments

@avan989
Copy link
Contributor

avan989 commented Dec 18, 2019
edited by skliper
Loading

Describe the bug
LGTM warning: A file may be created here with mode 0666, which would make it world-writable.

elf2cfetbl/elf2cfetbl.c

Lines 1446 to 1464 in eb5e326

// Check to see if output file can be opened and written
DstFileDesc = fopen(DstFilename, "w");
if (DstFileDesc == NULL)
{
printf("'%s' was not opened\n", DstFilename);
return FAILED;
}
/* Fix file if too permissive (CWE-732) */
if (stat(DstFilename, &dststat) == 0)
{
if (Verbose)
printf("%s: Destination file permissions after open = 0x%X\n", DstFilename, dststat.st_mode);
chmod(DstFilename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
stat(DstFilename, &dststat);
if (Verbose)
printf("%s: Destination file permissions after chmod = 0x%X\n", DstFilename, dststat.st_mode);
}

To Reproduce
Steps to reproduce the behavior:

  1. Build against lgtm

Reporter Info
Anh Van, NASA Goddard

EDIT - removed warnings covered by other issues (split)
EDIT - updated per latest warning
@ArielSAdamsNASA ArielSAdamsNASA mentioned this issue Aug 20, 2020
Closed
@skliper skliper mentioned this issue Aug 24, 2020
Closed
@skliper
Copy link
Contributor

skliper commented Aug 24, 2020

See #58 and #57, split from this issue.

@skliper skliper mentioned this issue Aug 24, 2020
Closed
@skliper
Copy link
Contributor

skliper commented Aug 24, 2020

See #60 split from this issue

@skliper skliper changed the title lgtm issues Possible world-writable file creation, LGTM warning Jan 26, 2021
@skliper
Copy link
Contributor

skliper commented Jan 26, 2021

This turns out to be a duplicated of #54, remaining warning is a false alarm.

@skliper skliper added the duplicate This issue or pull request already exists label Jan 26, 2021
@skliper skliper closed this as completed Jan 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@avan989 @skliper