The following code is part of a system daemon that runs with elevated privileges. It opens a temporary file in the /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here.

    int outfile = open("/tmp/cache_data", O_WRONLY | O_CREAT | O_TRUNC, 0600);

  1. Since the file name is hard coded, open() will fail if the file already exists

  2. 0600 is not a secure option. The parameter 0600 should be changed to 0666

  3. Attackers can exploit this by creating a symbolic link /tmp/cache_data that points to a system file

  4. Attackers can exploit the application's cache by writing directly to /tmp/cache_data


Correct Option: C
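
One way to harden the call from the question, shown as an added example that is not part of the original quiz: the helper name `open_cache_nofollow` and the sandbox paths in `main` are assumptions made for illustration. It refuses a symbolic link at the cache path and truncates only after confirming the descriptor refers to a regular file owned by the daemon.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the quiz): open a cache file for writing
 * without following a symlink at the final path component.
 * Returns an fd, or -1 with errno set (ELOOP on Linux for a symlink). */
int open_cache_nofollow(const char *path)
{
    /* No O_TRUNC: truncate only after the checks pass. O_NONBLOCK keeps a
     * planted FIFO from blocking the daemon in open(). */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0) return -1;

    struct stat st;
    /* Accept only a regular file we own with no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 || ftruncate(fd, 0) != 0) {
        close(fd);
        errno = EPERM;   /* all post-open rejections are reported as EPERM */
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/cache_demo_XXXXXX";   /* constructed sandbox dir */
    char target[64], lnk[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/cache_data", dir);
    FILE *f = fopen(target, "w");            /* stands in for a system file */
    if (!f) return 1;
    fputs("keep", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return 1;
    int fd = open_cache_nofollow(lnk);
    printf("symlink at cache path: fd=%d (%s)\n", fd, fd < 0 ? strerror(errno) : "opened");
    return fd < 0 ? 0 : 1;
}
```

O_NOFOLLOW only covers the last path component, so a privileged daemon is better served by keeping its cache in a directory that only it can write to rather than in /tmp.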
