CentOS 7 access weakness #24

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password set by the developer that the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

svrcore-4.1.3/src/systemd-ask-pass.c

Context:

The umask() call in the code below is the trigger point of this particular CentOS 7 access weakness.

#ifdef DEBUG
    printf("systemd:getPin() -> path exists\n");
#endif

    // Create the socket
    //  The socket has to end up as /run/system/ask-password/sck.xxxxx
#ifdef DEBUG
    printf("systemd:getPin() -> creating socket %s \n", socket_path);
#endif

    err = _create_socket(&socket_path, &socket_fd);
    if (err != SVRCORE_Success) {
        fprintf(stderr, "SVRCORE systemd:getPin() -> creating socket FAILED %d\n", err);
        free(token);
        token = NULL;
        goto out;
    }

#ifdef DEBUG
    printf("systemd:getPin() -> creating tmp file %s \n", tmp_path);
#endif

    // Trigger point: this mask only clears the group and other write bits,
    // so the ask file created below keeps the remaining bits of the mode
    // fopen() requests (0644 from the usual 0666), leaving it readable by
    // every local user. The mask is also changed for the whole process and
    // never restored to its previous value.
    umask( S_IWGRP | S_IWOTH );
    tmp_fd = fopen(tmp_path, "w");

    if (tmp_fd == NULL) {
        fprintf(stderr, "SVRCORE systemd:getPin() -> opening ask file FAILED\n");
        err = SVRCORE_IOOperationError;
        free(token);
        token = NULL;
        goto out;
    }

    // Create the inf file asking for the password
    //    Write data to the file
    //    [Ask]
    fprintf(tmp_fd, "[Ask]\n");
    //    PID=Our Pid
    fprintf(tmp_fd, "PID=%d\n", pid);
    //    Socket=fd of socket, or name? systemd code doesn't make this clear.
    fprintf(tmp_fd, "Socket=%s\n", socket_path);
    //    AcceptCached=0 or 1, but not docs on which means what ....
    fprintf(tmp_fd, "AcceptCached=0\n");
    //    Echo= Display password as entered or not
    fprintf(tmp_fd, "Echo=0\n");
    //    NotAfter= Number of microseconds from clock monotonic + timeout
    fprintf(tmp_fd, "NotAfter=%" PRIu64 "\n", until);
    //    Message=Prompt to display 
