Permission Race Condition During Resource Copy

Draft Compound

Structure: Composite

Description

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.

Common Consequences 1

Scope: ConfidentialityIntegrity

Impact: Read Application DataModify Application Data

Observed Examples 5

CVE-2002-0760Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.

CVE-2005-2174Product inserts a new object into database before setting the object's permissions, introducing a race condition.

CVE-2006-5214Error file has weak permissions before a chmod is performed.

CVE-2005-2475Archive permissions issue using hard link.

CVE-2003-0265Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.

References 1

The Art of Software Security Assessment

Mark Dowd, John McDonald, and Justin Schuh

Addison Wesley

2006

ID: REF-62

Applicable Platforms

Languages:

C : UndeterminedPerl : Undetermined

Modes of Introduction

Implementation

Related Attack Patterns

Related Weaknesses

ChildOf:

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)

Requires:

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)

Requires:

Incorrect Permission Assignment for Critical Resource (CWE-732)

Notes

Research GapUnder-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.