alpine 3.9
obsolete weakness #553

Weakness Breakdown


Definition:

An obsolete weakness occurs when a system is built using deprecated or obsolete functions. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:

firejail/src/firejail-0.9.56-LTS-release/src/firejail/sandbox.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 obsolete weakness.

 				if (pidname && strcmp(pidname, "dpid") == 0)
					found = 1;
				free(pidname);
			}
			if (found)
				break;

			monitored_pid = pid;
			break;
		}
		closedir(dir);

		if (monitored_pid != 0 && arg_debug)
			printf("Sandbox monitor: monitoring %d\n", monitored_pid);
	}

	// return the latest exit status.
	return status;
}

static void print_time(void) {
	if (start_timestamp) {
		unsigned long long end_timestamp = getticks();
		// measure 1 ms
		usleep(1000);
		unsigned long long onems = getticks() - end_timestamp;
		if (onems) {
			fmessage("Child process initialized in %.02f ms\n",
				(float) (end_timestamp - start_timestamp) / (float) onems);
			return;
		}
	}

	fmessage("Child process initialized\n");
}


// check execute permissions for the program
// this is done typically by the shell
// we are here because of --shell=none
// we duplicate execvp functionality (man execvp):
//	[...] if  the  specified
//	filename  does  not contain a slash (/) character. The file is sought
//	in the colon-separated list of directory pathnames  specified  in  the
//	PATH  environment  variable.
static int ok_to_run(const char *program) {
	if (strstr(program, "/")) {
		if (access(program, X_OK) == 0) // it will also dereference symlinks
			return 1;
	} 
