centos 7
access weakness #30

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

sssd-1.16.2/src/providers/ipa/ipa_deskprofile_rules_util.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 access weakness.

     }

    old_umask = umask(0026);
    ret = sss_create_dir(IPA_DESKPROFILE_RULES_USER_DIR, domain, 0751,
                         getuid(), getgid());
    umask(old_umask);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Failed to create the directory \"%s/%s\" that would be used to "
              "store the Desktop Profile rules users' directory [%d]: %s\n",
              IPA_DESKPROFILE_RULES_USER_DIR, domain,
              ret, sss_strerror(ret));
        goto done;
    }

    domain_dir = talloc_asprintf(tmp_ctx, IPA_DESKPROFILE_RULES_USER_DIR"/%s",
                                 domain);
    if (domain_dir == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* In order to read, create and traverse the directory, we need to have its
     * permissions set as 'rwx------' (700). */
    old_umask = umask(0077);
    ret = sss_create_dir(domain_dir, shortname, 0700, uid, gid);
    umask(old_umask);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
               "Failed to create the directory \"%s/%s/%s\" that would be used "
               "to store the Desktop Profile rules for the user \"%s\" [%d]: "
               "%s\n",
               IPA_DESKPROFILE_RULES_USER_DIR, domain, shortname, username,
               ret, sss_strerror(ret));
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

static errno_t
ipa_deskprofile_get_normalized_rule_name(TALLOC_CTX *mem_ctx,
                                         const char *name,
                                         char **_rule_name)
{
    char buffer[PATH_MAX]; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.