Permission Race Condition During Resource Copy

Draft Compound
Structure: Composite
Description

This vulnerability occurs when a system copies a file or resource but delays setting its final permissions until the entire copy operation is finished. During the copy process, the resource remains exposed with default or overly permissive access, creating a temporary window where unauthorized users or processes could read, modify, or delete it.

Extended Description

This race condition is a classic time-of-check to time-of-use (TOCTOU) flaw specific to resource duplication. When an application copies a file—for example, during installation, backup, or user upload—it often creates the new file with broad default permissions (like world-readable) to ensure the copy succeeds. The intended restrictive permissions are only applied after the data transfer is complete. This gap, however brief, is a real security risk, especially on multi-user systems or shared hosting environments where other processes are actively running. To prevent this, developers should implement atomic operations where possible, such as creating the file with the correct permissions from the outset before writing data. Alternatively, copy operations can be performed in a secure, isolated temporary location with strict access controls, and the file should only be moved to its final destination after both the data and the correct permissions are fully applied, eliminating the exposure window.
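The mitigation described above, as an added example that is not part of the original entry: the copy is written to an owner-only temporary file in the destination directory, the final mode is set on the open descriptor, and only then is the file renamed into place. The function name copy_with_final_mode and its parameters are hypothetical, and the destination directory is assumed not to be writable by untrusted users.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: copy src to dst so that dst never exists under its
 * final name with anything but final_mode. Returns 0 on success, -1 on error. */
int copy_with_final_mode(const char *src, const char *dst, mode_t final_mode)
{
    char tmp[4096], buf[8192];
    ssize_t n = 0;
    int in, out, ok = 0;

    if (snprintf(tmp, sizeof tmp, "%s.tmpXXXXXX", dst) >= (int)sizeof tmp)
        return -1;
    if ((in = open(src, O_RDONLY | O_CLOEXEC)) < 0)
        return -1;
    /* mkstemp() creates the file exclusively with mode 0600, so it is
     * owner-only from the first instant and cannot reuse a planted file. */
    if ((out = mkstemp(tmp)) < 0) {
        close(in);
        return -1;
    }
    while ((n = read(in, buf, sizeof buf)) > 0) {
        char *p = buf;
        while (n > 0) {                 /* handle short writes */
            ssize_t w = write(out, p, (size_t)n);
            if (w < 0)
                goto done;
            p += w;
            n -= w;
        }
    }
    /* Apply the intended mode through the descriptor (not the path) while
     * the file still has its temporary name, then publish it atomically. */
    if (n == 0 && fchmod(out, final_mode) == 0 && fsync(out) == 0 &&
        rename(tmp, dst) == 0)
        ok = 1;
done:
    close(in);
    close(out);
    if (!ok)
        unlink(tmp);                    /* leave no partial copy behind */
    return ok ? 0 : -1;
}
```

Because rename() replaces the destination in a single step, other processes see either the old file or the complete copy with its final permissions, never a partially written or loosely permissioned one.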

Common Consequences
Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Observed Examples
CVE-2002-0760: Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.
CVE-2005-2174: Product inserts a new object into database before setting the object's permissions, introducing a race condition.
CVE-2006-5214: Error file has weak permissions before a chmod is performed.
CVE-2005-2475: Archive permissions issue using hard link.
CVE-2003-0265: Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.
Applicable Platforms
Languages:
C: Undetermined
Perl: Undetermined
Modes of Introduction
Implementation
Notes
Research Gap: Under-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.