centos 7
access weakness #22

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password that are set by the developer and never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

snapper-0.2.8/server/snapperd.cc

Context:

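The trigger point of this particular CentOS 7 access weakness is the `umask(0027);` call in the code below (it is highlighted on the original page). A mask of 0027 clears write permission for the group and all permissions for others on files the daemon creates afterwards, but it still leaves those files group-readable. The warning is a prompt to confirm that group read access is intended, or to tighten the mask (for example to 0077) if only the owning user needs the files.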

 	switch (c)
	{
	    case 's':
		log_stdout = true;
		break;

	    case 'd':
		log_debug = true;
		break;

	    case 'h':
		help();

	    default:
		usage();
	}
    }

    if (optind < argc)
    {
	cerr << "snapperd: unrecognized option '" << argv[optind] << "'" << endl;
	usage();
    }

    umask(0027);

    if (!log_stdout)
    {
	initDefaultLogger();
	setLogQuery(&log_query);
    }
    else
    {
	setLogDo(&log_do);
	setLogQuery(&log_query);
    }

    signal(SIGPIPE, SIG_IGN);

    dbus_threads_init_default();

    MyMainLoop mainloop(DBUS_BUS_SYSTEM);

    mainloop.set_idle_timeout(idle_time);

    y2mil("Requesting DBus name");

    mainloop.request_name(SERVICE, DBUS_NAME_FLAG_REPLACE_EXISTING);

    y2mil("Loading snapper configs"); 
