centos 7
access weakness #39

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

sssd-1.16.2/src/responder/common/responder_common.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 access weakness.

     if (ret != 0 && errno != ENOENT) {
        ret = errno;
        DEBUG(SSSDBG_MINOR_FAILURE,
              "Cannot remove old socket (errno=%d [%s]), bind might fail!\n",
              ret, sss_strerror(ret));
    }

    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Unable to bind on socket '%s'\n", sock_name);
        ret = EIO;
        goto done;
    }
    if (listen(fd, 10) == -1) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Unable to listen on socket '%s'\n", sock_name);
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    /* restore previous umask value */
    umask(orig_umaskval);
    if (ret == EOK) {
        *_fd = fd;
    } else {
        close(fd);
    }
    return ret;
}

/* create a unix socket and listen to it */
static int set_unix_socket(struct resp_ctx *rctx,
                           connection_setup_t conn_setup)
{
    errno_t ret;
    struct accept_fd_ctx *accept_ctx = NULL;

/* for future use */
#if 0
    char *default_pipe;
    int ret;

    default_pipe = talloc_asprintf(rctx, "%s/%s", PIPE_PATH,
                                   rctx->sss_pipe_name);
    if (!default_pipe) {
        return ENOMEM;
    } 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.