centos 7
access weakness #28

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

sssd-1.16.2/src/providers/ipa/ipa_deskprofile_rules_util.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 access weakness.

                                     const char *username, /* fully-qualified */
                                    uid_t uid,
                                    gid_t gid)
{
    TALLOC_CTX *tmp_ctx;
    char *shortname;
    char *domain;
    char *domain_dir;
    errno_t ret;
    mode_t old_umask;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sss_parse_internal_fqname(tmp_ctx, username, &shortname, &domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "sss_parse_internal_fqname() failed [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    old_umask = umask(0026);
    ret = sss_create_dir(IPA_DESKPROFILE_RULES_USER_DIR, domain, 0751,
                         getuid(), getgid());
    umask(old_umask);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Failed to create the directory \"%s/%s\" that would be used to "
              "store the Desktop Profile rules users' directory [%d]: %s\n",
              IPA_DESKPROFILE_RULES_USER_DIR, domain,
              ret, sss_strerror(ret));
        goto done;
    }

    domain_dir = talloc_asprintf(tmp_ctx, IPA_DESKPROFILE_RULES_USER_DIR"/%s",
                                 domain);
    if (domain_dir == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* In order to read, create and traverse the directory, we need to have its
     * permissions set as 'rwx------' (700). */
    old_umask = umask(0077);
    ret = sss_create_dir(domain_dir, shortname, 0700, uid, gid);
    umask(old_umask);
    if (ret != EOK) { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.