Our website uses cookies to enhance your browsing experience.

Accept

Home

>

Documentation

>

Warnings

>

V1118. Excessive file permissions...

Introduction

How to enter the PVS-Studio license and what's the next move

PVS-Studio's trial mode

System requirements

Technologies used in PVS-Studio

Release history

Release history for previous versions (before 7.00)

Analyzing projects

On Windows

Getting acquainted with the PVS-Studio static code analyzer on Windows

Build-system independent analysis (C and C++)

Direct integration of the analyzer into build automation systems (C and C++)

On Linux and macOS

PVS-Studio C# installation on Linux and macOS

How to run PVS-Studio C# on Linux and macOS

Installing and updating PVS-Studio C++ on Linux

Installing and updating PVS-Studio C++ on macOS

How to run PVS-Studio C++ on Linux and macOS

Cross-platform

Direct use of Java analyzer from command line

Cross-platform analysis of C and C++ projects in PVS-Studio

PVS-Studio for embedded development

Analysis of C and C++ projects based on JSON Compilation Database

IDE

Get started with PVS-Studio in Visual Studio

Using PVS-Studio with JetBrains Rider and CLion

How to use the PVS-Studio extension for Qt Creator

How to integrate PVS-Studio in Qt Creator without the PVS-Studio plugin

Using the PVS-Studio extension for Visual Studio Code

Using PVS-Studio with IntelliJ IDEA and Android Studio

Build systems

Analyzing Visual Studio / MSBuild / .NET projects from the command line using PVS-Studio

Using PVS-Studio with the CMake module

Integrating PVS-Studio Java into the Gradle build system

Integrating PVS-Studio Java into the Maven build system

Game Engines

How to analyze Unity projects with PVS-Studio

Analysis of Unreal Engine projects

Continuous use of the analyzer in software development

Running PVS-Studio in Docker

Running PVS-Studio in Jenkins

Running PVS-Studio in TeamCity

How to upload analysis results to Jira

PVS-Studio and continuous integration

PVS-Studio's incremental analysis mode

Analyzing commits and pull requests

Unattended deployment of PVS-Studio

Speeding up the analysis of C and C++ code through distributed build systems (Incredibuild)

Integrating of PVS-Studio analysis results in code quality services (web dashboard)

Integration of PVS-Studio analysis results into DefectDojo

Integration of PVS-Studio analysis results into SonarQube

Integration of PVS-Studio analysis results into CodeChecker

Deploying the analyzer in cloud Continuous Integration services

Using with Travis CI

Using with CircleCI

Using with GitLab CI/CD

Using with GitHub Actions

Using with Azure DevOps

Using with AppVeyor

Using with Buddy

Managing analysis results

How to display the analyzer's most interesting warnings

How to use the OWASP diagnostic group in PVS-Studio

MISRA Coding Standards and Compliance

Baselining analysis results (suppressing warnings for existing code)

Handling the diagnostic messages list in Visual Studio

Suppression of false-positive warnings

How to view and convert analyzer's results

Relative paths in PVS-Studio log files

Viewing analysis results with C and C++ Compiler Monitoring UI

Notifying the developer teams (blame-notifier utility)

Filtering and handling the analyzer output through diagnostic configuration files (.pvsconfig)

Excluding files and directories from analysis

Additional configuration and resolving issues

Tips on speeding up PVS-Studio

PVS-Studio: troubleshooting

Additional diagnostics configuration

User annotation mechanism in JSON format

Annotating C and C++ entities in JSON format

Annotating C# entities in JSON format

Annotating Java entities in JSON format

Predefined PVS_STUDIO macro

Analysis configuration file (Settings.xml)

Settings: general

Settings: Common Analyzer Settings

Settings: Detectable Errors

Settings: Don't Check Files

Settings: Keyword Message Filtering

Settings: Registration

Settings: Specific Analyzer Settings

Analyzer diagnostics

PVS-Studio Messages

General Analysis (C++)

General Analysis (C#)

General Analysis (Java)

Micro-Optimizations (C++)

Micro-Optimizations (C#)

Diagnosis of 64-bit errors (Viva64, C++)

Customer specific requests (C++)

MISRA errors

AUTOSAR errors

OWASP errors (C++)

OWASP errors (C#)

OWASP errors (Java)

Problems related to code analyzer

Additional information

Credits and acknowledgements

May 19 2025

V1118. Excessive file permissions can lead to vulnerabilities. Consider restricting file permissions.

May 19 2025

Excessive file permissions indicate security risks and may lead to vulnerabilities.

The analyzer checks the following system calls for excessive permissions: open, creat, openat, chmod, fchmod, fchmodat, mkdir, mkdirat, mkfifo, mkfifoat, mknod, mknodat, mq_open, and sem_open.

The example:

void foo(int param)
{
  int perms = 0777;
  int fd = open("/path/to/file", O_CREAT | O_RDONLY, perms);
  if (fd < 0) return;
 
  // some work

  close(fd);
}

The code uses the open system call to open a file and process the information it contains. If the file does not exist, it will be created via the O_CREAT flag in the second argument and have permissions specified by the number in the third argument. In this case, the 0777 mask allows any user to read, write, or execute this file, which can lead to vulnerabilities.

To fix the error, modify the permission mask:

void foo(int param)
{
  int perms = 0644;
  int fd = open("/path/to/file", O_CREAT | O_RDONLY, perms);
  if (fd < 0) return;
 
  // some work

  close(fd);
}

This diagnostic is classified as:

CWE-269

Was this page helpful?

If you can’t find an answer to your question, fill in the form below and our developers will contact you

By clicking this button you agree to our Privacy Policy statement

Want to try PVS‑Studio for free?