centos 7
access weakness #14


Weakness Breakdown


An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer but never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:



The highlighted line of code below is the trigger point of this particular CentOS 7 access weakness.

	/* excerpt starts mid-function */
	rv = read(fd, buf, sizeof(buf));
	if (rv < 0) {
		log_error("lockfile read error %s: %s",
			  lockfile_path, strerror(errno));
		return -1;
	}

	*pid = atoi(buf);

	return 0;
}

static int lockfile(void)
{
	char buf[16];
	struct flock lock;
	mode_t old_umask;
	int fd, rv;

	/* the only umask call in the excerpt; the warning above concerns its value */
	old_umask = umask(0022);
	rv = mkdir(DAEMON_RUN_DIR, 0775);
	if (rv < 0 && errno != EEXIST) {
		return rv;
	}

	sprintf(lockfile_path, "%s/%s.pid", DAEMON_RUN_DIR, prog_name);

	fd = open(lockfile_path, O_CREAT|O_WRONLY|O_CLOEXEC, 0644);
	if (fd < 0) {
		log_error("lockfile open error %s: %s",
			  lockfile_path, strerror(errno));
		return -1;
	}

	/* request a write lock covering the whole file */
	lock.l_type = F_WRLCK;
	lock.l_start = 0;
	lock.l_whence = SEEK_SET;
	lock.l_len = 0;

	rv = fcntl(fd, F_SETLK, &lock);
	if (rv < 0) {
		log_error("lockfile setlk error %s: %s",
			  lockfile_path, strerror(errno));
		goto fail;
	}
	/* excerpt ends here */
