Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
access weakness #14

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

zsh-4.3.11/Src/Modules/files.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 access weakness.

 		    }
		    *ptr = '/';
		}
	    }
	} else
	    err |= domkdir(nam, *args, mode, 0);
    }
    return err;
}

/**/
static int
domkdir(char *nam, char *path, mode_t mode, int p)
{
    int err;
    mode_t oumask;
    char const *rpath = unmeta(path);

    if(p) {
	struct stat st;

	if(!stat(rpath, &st) && S_ISDIR(st.st_mode))
	    return 0;
    }
    oumask = umask(0);
    err = mkdir(path, mode) ? errno : 0;
    umask(oumask);
    if(!err)
	return 0;
    zwarnnam(nam, "cannot make directory '%s': %e", path, err);
    return 1;
}

/* rmdir builtin */

/**/
static int
bin_rmdir(char *nam, char **args, UNUSED(Options ops), UNUSED(int func))
{
    int err = 0;

    for(; *args; args++) {
	char *rpath = unmeta(*args);

	if(!rpath) {
	    zwarnnam(nam, "%s: %e", *args, ENAMETOOLONG);
	    err = 1;
	} else if(rmdir(rpath)) {
	    zwarnnam(nam, "cannot remove directory '%s': %e", *args, errno);
	    err = 1; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.