CentOS 7
Access weakness #32

Weakness Breakdown
Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is a default username and password set by the developer that the system administrator never changes.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

sssd-1.16.2/src/providers/ipa/selinux_child.c

Context:

The highlighted line of code below is the trigger point of this particular CentOS 7 access weakness: the `umask(0)` call in `sc_set_seuser`, which matches the warning above. Note that the function saves the previous mask in `old_mask` and restores it with `umask(old_mask)` before returning, so the permissive mask is in effect only while the SELinux user database is updated.

    r->buf = NULL;
    r->size = 0;

    ret = pack_buffer(r, result);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "pack_buffer failed\n");
        return ret;
    }

    *rsp = r;
    DEBUG(SSSDBG_TRACE_ALL, "r->size: %zu\n", r->size);
    return EOK;
}

static int sc_set_seuser(const char *login_name, const char *seuser_name,
                         const char *mls)
{
    int ret;
    mode_t old_mask;

    /* This is a workaround for
     * https://bugzilla.redhat.com/show_bug.cgi?id=1186422 to make sure
     * the directories are created with the expected permissions
     */
    old_mask = umask(0);
    if (strcmp(seuser_name, "") == 0) {
        /* An empty SELinux user should cause SSSD to use the system
         * default. We need to remove the SELinux user from the DB
         * in that case
         */
        ret = sss_del_seuser(login_name);
    } else {
        ret = sss_set_seuser(login_name, seuser_name, mls);
    }
    umask(old_mask);
    return ret;
}

static bool seuser_needs_update(const char *username,
                                const char *seuser,
                                const char *mls_range)
{
    bool needs_update = true;
    char *db_seuser = NULL;
    char *db_mls_range = NULL;
    errno_t ret;

    ret = sss_get_seuser(username, &db_seuser, &db_mls_range);
    DEBUG(SSSDBG_TRACE_INTERNAL,
          "sss_get_seuser: ret: %d seuser: %s mls: %s\n", 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.